Network
/
2024
9
0
Fork 0
Code Issues 33 Pull Requests Packages Projects Releases Wiki Activity

configs 2024

This commit is contained in:
Yasen6275 2024-11-11 17:35:27 +02:00
parent f3b2b68b64
commit 20c49a630f
48 changed files with 4333 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
APs/DAP.prov.template.tar.gz Normal file
View File

Binary file not shown.

BIN
APs/HIVE.prov.template.tar.gz Normal file
View File

Binary file not shown.

7
APs/README.md Normal file
View File

@ -0,0 +1,7 @@
Templates are not perfektly sunced.
Bridges and interface names have differences.
Same of custom files are not in templates for DAPs
!!! Use as guideline, not as redy to run setup !!!

37
APs/etc/fw_mod.sh Executable file
View File

@ -0,0 +1,37 @@
/usr/bin/logger "Start augmenting FW"
if [ -z "$1" ]; then
sleep 1;
else
sleep $1;
fi
INTERFACES="wifi.22"
all_interfaces_up() {
for iface in $INTERFACES; do
if ! ip link show "$iface" > /dev/null 2>&1; then
return 1 # If any interface is missing, return failure
fi
done
return 0 # All interfaces are up
}
while ! all_interfaces_up; do
echo "Waiting for interfaces to appear: $INTERFACES"
sleep 1 # Wait 1 second before checking again
done
/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ip saddr == 10.22.0.1 drop
/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ip saddr == 10.20.0.1 drop
/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ip saddr != 10.22.0.0/21 drop
/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ether saddr 3c:ec:ef:be:b9:7f drop
/usr/sbin/nft add table bridge filter
/usr/sbin/nft add chain bridge filter forward '{type filter hook forward priority 0; }'
/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ether saddr 3c:ec:ef:be:b9:7f drop
/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ip saddr == 10.22.0.1 drop
/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ip saddr != 10.22.0.0/22 drop
/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ip daddr == 10.22.0.0/22 drop
/usr/bin/logger "Finish augmenting FW"

18
APs/etc/hotplug.d/iface/20-firewall Normal file
View File

@ -0,0 +1,18 @@
#!/bin/sh
has_zone() {
fw4 -q network "$INTERFACE" >/dev/null && return 0
eval $(ubus call "network.interface.$INTERFACE" status | jsonfilter -e 'ZONE=@.data.zone')
fw4 -q zone "$ZONE" >/dev/null
}
[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
/etc/init.d/firewall enabled || exit 0
has_zone || exit 0
logger -t firewall "Reloading firewall due to $ACTION of $INTERFACE ($DEVICE)"
fw4 -q reload
/etc/fw_mod.sh &

65
APs/etc/provisioning_daemon.sh Executable file
View File

@ -0,0 +1,65 @@
#!/bin/ash
device='wifi.20'
url='http://10.20.0.1:34925/p.php'
getProvis(){
curl -s $url -o /dev/null
logger -t provis_$mac "first curl exit code $?"
errorcode=$?
if [ $errorcode -eq 0 ]; then
status_code=$(curl -H 'Content-Type: application/json' -d '{"mac":"'$mac'"} ' -o /dev/null -v -w '%{http_code}' $url)
logger -t provis_$mac "Status code: $status_code"
if [ "$status_code" -eq 200 ]; then
curl -s -H 'Content-Type: application/json' -d '{"mac":"'$mac'"}' $url -o /tmp/tmpProv.sh
return 0
else
logger -t provis_$mac "Non-OK code returned during provisioning: $status_code"
return 1
fi
else
logger -t provis_$mac "Error connecting site. Curl error $errorcode "
return 1
fi
}
newProvis(){
logger -t provis_$mac "Check for new Provisioning"
if [ ! -e "/tmp/oldProv.sh" ]; then
touch "/tmp/oldProv.sh"
fi
oldMD5=$(md5sum /tmp/oldProv.sh | cut -d ' ' -f1)
newMD5=$(md5sum /tmp/tmpProv.sh | cut -d ' ' -f1)
if [ "$oldMD5" != "$newMD5" ]; then
logger -t provis_$mac "New Provisioning found"
return 0
else
logger -t provis_$mac "No new Provisioning"
return 1
fi
}
while true
do
mac=$(cat /sys/class/net/$device/address)
echo $mac
logger -t provis_$mac "Start provisioning cicle"
if getProvis; then
if newProvis; then
mv /tmp/tmpProv.sh /tmp/oldProv.sh
logger -t provis_$mac "Applying new provisioning data."
source /tmp/oldProv.sh
else
logger -t provis_$mac "No new provisioning data."
fi
else
logger -t provis_$mac "Didn't get provosioning data."
fi
#sleep 179
sleep 10
logger -t provis_$mac "End provisioning cicle. Sleeping ..."
done

47
APs/etc/wifi-sentinel.sh Executable file
View File

@ -0,0 +1,47 @@
#!/bin/ash
# Configuration
device="eth0.20"
target_ip="8.8.8.8"
interfaces="phy0-ap0 phy1-ap0"
mac=$(cat /sys/class/net/$device/address)
ip_address=$(ip -4 addr show "$device" | awk '/inet / {print $2}' | cut -d/ -f1)
interval=59
check_ping() {
logger -t wifi_sentinel_$mac_$ip_address "Pinging $target_ip"
ping -c 1 -W 3 "$target_ip" >/dev/null 2>&1
return $?
}
wifi_down() {
logger -t wifi_sentinel_$mac_$ip_address "No response from $target_ip, bringing WiFi interfaces down..."
for interface in $interfaces; do
ip link set "$interface" down
done
}
wifi_up() {
logger -t wifi_sentinel_$mac_$ip_address "Response from $target_ip detected, starting WiFi interfaces..."
for interface in $interfaces; do
ip link set "$interface" up
done
}
# Main loop
wifi_is_down=0
while true; do
if check_ping; then
if [ "$wifi_is_down" -eq 1 ]; then
wifi_up
wifi_is_down=0
fi
else
if [ "$wifi_is_down" -eq 0 ]; then
wifi_down
wifi_is_down=1
fi
fi
sleep "$interval"
done

4
asterisk/README.md Normal file
View File

@ -0,0 +1,4 @@
Install fresh asterisk /reuires pjsip, so 18+ (last used version during OpenFest 2024: v22.0.0)
Copy all the .conf files from this folder into /etc/asterisk/

85
asterisk/extensions.conf Normal file
View File

@ -0,0 +1,85 @@
[trunk]
exten => <noc-phone>,1,Progress()
same = n,Answer()
same = n,Goto(openfest,<noc-phone>,1)
[openfest]
exten => <noc-phone>,1,Dial(PJSIP/NOC1&PJSIP/NOC2&PJSIP/REC1&PJSIP/REC2&PJSIP/TEAM)
same => n,HangUp()
exten = _0NX.,1,Dial(PJSIP/359${EXTEN:1}@atlas-out)
same = n,HangUp()
exten = _00359NX.,1,Dial(PJSIP/${EXTEN:2}@atlas-out)
same = n,HangUp()
exten = _3188X.,1,Dial(PJSIP/${EXTEN}@atlas-out)
same = n,HangUp()
exten = _359NX.,1,Dial(PJSIP/${EXTEN}@atlas-out)
same = n,HangUp()
exten = _+359NX.,1,Dial(PJSIP/${EXTEN:1}@@atlas-out)
same = n,HangUp()
;echo (test)
exten = 666,1,Answer()
same = n,Wait(1)
same = n,Playback(hello-world)
same = n,Echo()
same = n,Hangup()
;MEDIC
exten => 150,1,Dial(PJSIP/<medic-phone>@atlas-out)
; NOC
;exten = 303,1,Dial(PJSIP/noc1&PJSIP/noc2,600,m(of))
exten = 303,1,Dial(PJSIP/NOC1&PJSIP/NOC2)
exten = 3031,1,Dial(PJSIP/NOC1)
exten = 3032,1,Dial(PJSIP/NOC2)
;REC
exten = 301,1,Dial(PJSIP/REC1)
exten = 302,1,Dial(PJSIP/REC2)
;Team
exten = 304,1,Dial(PJSIP/TEAM)
;Conf rooms
exten = 1001,1,Dial(PJSIP/ROOM-A)
exten = 1002,1,Dial(PJSIP/ROOM-B)
exten = 1006,1,Dial(PJSIP/ROOM-Z)
;Separated clients
exten = 401,1,Dial(PJSIP/401)
exten = 402,1,Dial(PJSIP/402)
exten = 403,1,Dial(PJSIP/403)
exten = 404,1,Dial(PJSIP/404)
exten = 405,1,Dial(PJSIP/405)
exten = 406,1,Dial(PJSIP/406)
exten = 407,1,Dial(PJSIP/407)
exten = 408,1,Dial(PJSIP/408)
exten = 409,1,Dial(PJSIP/409)
exten = 410,1,Dial(PJSIP/410)
exten = 411,1,Dial(PJSIP/411)
exten = 412,1,Dial(PJSIP/412)
exten = 413,1,Dial(PJSIP/413)
exten = 414,1,Dial(PJSIP/414)
exten = 415,1,Dial(PJSIP/415)
exten = 416,1,Dial(PJSIP/416)
exten = 417,1,Dial(PJSIP/417)
exten = 418,1,Dial(PJSIP/418)
exten = 419,1,Dial(PJSIP/419)
exten = 420,1,Dial(PJSIP/420)
[HINTS]
exten = 301,hint,PJSIP/REC1
exten = 302,hint,PJSIP/REC2
exten = 304,hint,PJSIP/TEAM
exten = 1001,hint,PJSIP/ROOM-A
exten = 1002,hint,PJSIP/ROOM-B
exten = 1006,hint,PJSIP/ROOM-Z

186
asterisk/logger.conf Normal file
View File

@ -0,0 +1,186 @@
;
; Logging Configuration
;
; In this file, you configure logging to files or to
; the syslog system.
;
; "logger reload" at the CLI will reload configuration
; of the logging system.
[general]
;
; Customize the display of debug message time stamps
; this example is the ISO 8601 date format (yyyy-mm-dd HH:MM:SS)
;
; see strftime(3) Linux manual for format specifiers. Note that there is also
; a fractional second parameter which may be used in this field. Use %1q
; for tenths, %2q for hundredths, etc.
;
;dateformat=%F %T ; ISO 8601 date format
;dateformat=%F %T.%3q ; with milliseconds
;
;
; This makes Asterisk write callids to log messages
; (defaults to yes)
;use_callids = no
;
; This appends the hostname to the name of the log files.
;appendhostname = yes
;
; This determines whether or not we log queue events to a file
; (defaults to yes).
;queue_log = no
;
; Determines whether the queue_log always goes to a file, even
; when a realtime backend is present (defaults to no).
;queue_log_to_file = yes
;
; Set the queue_log filename
; (defaults to queue_log)
;queue_log_name = queue_log
;
; When using realtime for the queue log, use GMT for the timestamp
; instead of localtime. The default of this option is 'no'.
;queue_log_realtime_use_gmt = yes
;
; Log rotation strategy:
; none: Do not perform any logrotation at all. You should make
; very sure to set up some external logrotate mechanism
; as the asterisk logs can get very large, very quickly.
; sequential: Rename archived logs in order, such that the newest
; has the highest sequence number [default]. When
; exec_after_rotate is set, ${filename} will specify
; the new archived logfile.
; rotate: Rotate all the old files, such that the oldest has the
; highest sequence number [this is the expected behavior
; for Unix administrators]. When exec_after_rotate is
; set, ${filename} will specify the original root filename.
; timestamp: Rename the logfiles using a timestamp instead of a
; sequence number when "logger rotate" is executed.
; When exec_after_rotate is set, ${filename} will
; specify the new archived logfile.
;rotatestrategy = rotate
;
; Run a system command after rotating the files. This is mainly
; useful for rotatestrategy=rotate. The example allows the last
; two archive files to remain uncompressed, but after that point,
; they are compressed on disk.
;
; exec_after_rotate=gzip -9 ${filename}.2
;
;
; For each file, specify what to log.
;
; For console logging, you set options at start of
; Asterisk with -v for verbose and -d for debug
; See 'asterisk -h' for more information.
;
; Directory for log files is configures in asterisk.conf
; option astlogdir
;
; All log messages go to a queue serviced by a single thread
; which does all the IO. This setting controls how big that
; queue can get (and therefore how much memory is allocated)
; before new messages are discarded.
; The default is 1000
;logger_queue_limit = 250
;
; Any custom logging levels you may want to use, which can then
; be sent to logging channels. The maximum number of custom
; levels is 16, but not all of these may be available if modules
; in Asterisk define their own.
;custom_levels = foobar,important,compliance
;
[logfiles]
;
; Format is:
;
; logger_name => [formatter]levels
;
; The name of the logger dictates not only the name of the logging
; channel, but also its type. Valid types are:
; - 'console' - The root console of Asterisk
; - 'syslog' - Linux syslog, with facilities specified afterwards with
; a period delimiter, e.g., 'syslog.local0'
; - 'filename' - The name of the log file to create. This is the default
; for log channels.
;
; Filenames can either be relative to the standard Asterisk log directory
; (see 'astlogdir' in asterisk.conf), or absolute paths that begin with
; '/'.
;
; An optional formatter can be specified prior to the log levels sent
; to the log channel. The formatter is defined immediately preceeding the
; levels, and is enclosed in square brackets. Valid formatters are:
; - [default] - The default formatter, this outputs log messages using a
; human readable format.
; - [plain] - The plain formatter, this outputs log messages using a
; human readable format with the addition of function name
; and line number. No color escape codes are ever printed
; nor are verbose messages treated specially.
; - [json] - Log the output in JSON. Note that JSON formatted log entries,
; if specified for a logger type of 'console', will be formatted
; per the 'default' formatter for log messages of type VERBOSE.
; This is due to the remote consoles interpreting verbosity
; outside of the logging subsystem.
;
; Log levels include the following, and are specified in a comma delineated
; list:
; debug
; trace
; notice
; warning
; error
; verbose(<level>)
; dtmf
; fax
; security
; <customlevel>
;
; Verbose takes an optional argument, in the form of an integer level. The
; verbose level can be set per logfile. Verbose messages with higher levels
; will not be logged to the file. If the verbose level is not specified, it
; will log verbose messages following the current level of the root console.
;
; Debug has multiple levels like verbose. However, it is a system wide setting
; and cannot be specified per logfile. You specify the debug level elsewhere
; such as the CLI 'core set debug 3', starting Asterisk with '-ddd', or in
; asterisk.conf 'debug=3'.
;
; Special level name "*" means all levels, even dynamic levels registered
; by modules after the logger has been initialized (this means that loading
; and unloading modules that create/remove dynamic logger levels will result
; in these levels being included on filenames that have a level name of "*",
; without any need to perform a 'logger reload' or similar operation).
; Note that there is no value in specifying both "*" and specific level names
; for a filename; the "*" level means all levels. The only exception is if
; you need to specify a specific verbose level. e.g, "verbose(3),*".
;
; We highly recommend that you DO NOT turn on debug mode if you are simply
; running a production system. Debug mode turns on a LOT of extra messages,
; most of which you are unlikely to understand without an understanding of
; the underlying code. Do NOT report debug messages as code issues, unless
; you have a specific issue that you are attempting to debug. They are
; messages for just that -- debugging -- and do not rise to the level of
; something that merit your attention as an Asterisk administrator. Both
; debug and trace messages are also very verbose and can and do fill up
; logfiles quickly. This is another reason not to have debug or trace
; modes on a production system unless you are in the process of debugging
; a specific issue.
;
debug.log => error,warning,notice,verbose,debug
trace.log => trace
security.log => security
;console => notice,warning,error
console => notice,warning,error,verbose,debug
messages.log => notice,warning,error
;full.log => notice,warning,error,debug,verbose,dtmf,fax
;
full-json.log => [json]debug,verbose,notice,warning,error,dtmf,fax
;
;syslog keyword : This special keyword logs to syslog facility
;
;syslog.local0 => notice,warning,error
;
; A log level defined in 'custom_levels' above
;important.log = important

387
asterisk/pjsip.conf Normal file
View File

@ -0,0 +1,387 @@
;===============TRANSPORT
[simpletrans]
type=transport
protocol=udp
bind=0.0.0.0
;===============ENDPOINT TEMPLATES
[endpoint-basic](!)
type=endpoint
context=openfest
disallow=all
allow=alaw
subscribe_context=HINTS
allow_subscribe=yes
[endpoint-trunk](!)
type=endpoint
context=trunk
disallow=all
allow=alaw
[auth-userpass](!)
type=auth
auth_type=userpass
[aor-single-reg](!)
type=aor
max_contacts=1
;========== ATLAS OUT ===============
[atlas-out](endpoint-trunk)
type=endpoint
auth=authAtlas-Out
outbound_auth=authAtlas-Out
direct_media=no
aors=atlas-out
[authAtlas-Out]
type=auth
auth_type=userpass
username=<sip-subscriber>
password=<sip-subscriber-pass>
[atlas-out]
type=aor
contact=sip:<sip-server-ip>:5060
qualify_frequency=30
qualify_timeout=5
[atlas-out]
type=registration
outbound_auth=authAtlas-Out
server_uri=sip:<sip-domain>
client_uri=sip:<user>@<sip-domain>
[authAtlas-Out]
type=identify
endpoint=atlas-out
match=<sip-server-ip>
;===============EXTENSION NOC1
[NOC1](endpoint-basic)
auth=authNOC1
aors=NOC1
[authNOC1](auth-userpass)
password=<some-rand-password>
username=NOC1
[NOC1](aor-single-reg)
;===============EXTENSION NOC2
[NOC2](endpoint-basic)
auth=authNOC2
aors=NOC2
[authNOC2](auth-userpass)
password=<some-rand-password>
username=NOC2
[NOC2](aor-single-reg)
;===============EXTENSION REC1
[REC1](endpoint-basic)
auth=authREC1
aors=REC1
[authREC1](auth-userpass)
password=<some-rand-password>
username=REC1
[REC1](aor-single-reg2
;===============EXTENSION REC2
[REC2](endpoint-basic)
auth=authREC2
aors=REC2
[authREC2](auth-userpass)
password=<some-rand-password>
username=REC2
[REC2](aor-single-reg)
;===============EXTENSION ROOM-A
[ROOM-A](endpoint-basic)
auth=authROOM-A
aors=ROOM-A
[authROOM-A](auth-userpass)
password=<some-rand-password>
username=ROOM-A
[ROOM-A](aor-single-reg)
;===============EXTENSION ROOM-B
[ROOM-B](endpoint-basic)
auth=authROOM-B
aors=ROOM-B
[authROOM-B](auth-userpass)
password=<some-rand-password>
username=ROOM-B
[ROOM-B](aor-single-reg)
;===============EXTENSION ROOM-Z
[ROOM-Z](endpoint-basic)
auth=authROOM-Z
aors=ROOM-Z
[authROOM-Z](auth-userpass)
password=<some-rand-password>
username=ROOM-Z
[ROOM-Z](aor-single-reg)
;===============EXTENSION TEAM
[TEAM](endpoint-basic)
auth=authTEAM
aors=TEAM
[authTEAM](auth-userpass)
password=<some-rand-password>
username=TEAM
[TEAM](aor-single-reg)
;
;==============EXTENSION 401
[401](endpoint-basic)
auth=auth401
aors=401
[auth401](auth-userpass)
password=<some-rand-password>
username=401
[401](aor-single-reg)
;==============EXTENSION 402
[402](endpoint-basic)
auth=auth402
aors=402
[auth402](auth-userpass)
password=<some-rand-password>
username=402
[402](aor-single-reg)
;==============EXTENSION 403
[403](endpoint-basic)
auth=auth403
aors=403
[auth403](auth-userpass)
password=<some-rand-password>
username=403
[403](aor-single-reg)
;==============EXTENSION 404
[404](endpoint-basic)
auth=auth404
aors=404
[auth404](auth-userpass)
password=<some-rand-password>
username=404
[404](aor-single-reg)
;==============EXTENSION 405
[405](endpoint-basic)
auth=auth405
aors=405
[auth405](auth-userpass)
password=<some-rand-password>
username=405
[405](aor-single-reg)
;==============EXTENSION 406
[406](endpoint-basic)
auth=auth406
aors=406
[auth406](auth-userpass)
password=<some-rand-password>
username=406
[406](aor-single-reg)
;==============EXTENSION 407
[407](endpoint-basic)
auth=auth407
aors=407
[auth407](auth-userpass)
password=<some-rand-password>
username=407
[407](aor-single-reg)
;==============EXTENSION 408
[408](endpoint-basic)
auth=auth408
aors=408
[auth408](auth-userpass)
password=<some-rand-password>
username=408
[408](aor-single-reg)
;==============EXTENSION 409
[409](endpoint-basic)
auth=auth409
aors=409
[auth409](auth-userpass)
password=<some-rand-password>
username=409
[409](aor-single-reg)
;==============EXTENSION 410
[410](endpoint-basic)
auth=auth410
aors=410
[auth410](auth-userpass)
password=<some-rand-password>
username=410
[410](aor-single-reg)
;==============EXTENSION 411
[411](endpoint-basic)
auth=auth411
aors=411
[auth411](auth-userpass)
password=<some-rand-password>
username=411
[411](aor-single-reg)
;==============EXTENSION 412
[412](endpoint-basic)
auth=auth412
aors=412
[auth412](auth-userpass)
password=<some-rand-password>
username=412
[412](aor-single-reg)
;==============EXTENSION 413
[413](endpoint-basic)
auth=auth413
aors=413
[auth413](auth-userpass)
password=<some-rand-password>
username=413
[413](aor-single-reg)
;==============EXTENSION 414
[414](endpoint-basic)
auth=auth414
aors=414
[auth414](auth-userpass)
password=<some-rand-password>
username=414
[414](aor-single-reg)
;==============EXTENSION 415
[415](endpoint-basic)
auth=auth415
aors=415
[auth415](auth-userpass)
password=<some-rand-password>
username=415
[415](aor-single-reg)
;==============EXTENSION 416
[416](endpoint-basic)
auth=auth416
aors=416
[auth416](auth-userpass)
password=<some-rand-password>
username=416
[416](aor-single-reg)
;==============EXTENSION 417
[417](endpoint-basic)
auth=auth417
aors=417
[auth417](auth-userpass)
password=<some-rand-password>
username=417
[417](aor-single-reg)
;==============EXTENSION 418
[418](endpoint-basic)
auth=auth418
aors=418
[auth418](auth-userpass)
password=<some-rand-password>
username=418
[418](aor-single-reg)
;==============EXTENSION 419
[419](endpoint-basic)
auth=auth419
aors=419
[auth419](auth-userpass)
password=<some-rand-password>
username=419
[419](aor-single-reg)
;==============EXTENSION 420
[420](endpoint-basic)
auth=auth420
aors=420
[auth420](auth-userpass)
password=<some-rand-password>
username=420
[420](aor-single-reg)

BIN
docs/Downlink_JA.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 252 KiB

BIN
docs/downlink_fl0.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 221 KiB

76
docs/ip-assignments.md Normal file
View File

@ -0,0 +1,76 @@
# IP ranges assignments
## VLANs
ID | IP/Range | Name | Notes
---|----------|------|---------
10 | single ip | NAT-ed | Provided by A1
20 | 10.20.0.0/24 | mgmt |
21 | 10.21.0.0/22 | wired | wired clients
22 | 10.22.0.0/22 | wireless | ap
23 | 10.23.0.0/24 | video | video team
24 | 10.24.0.0/24 | overflow | overflow TV's
25 | 10.25.0.0/24 | reception | Reception related
26 | 10.26.0.0/24 | VoIP | Phones
27 | 10.27.0.0/24 | workshop | random ppl
207| subnets | provided by IPAct
## Assignments
### MGMT
IP | Name | Notes
---|------|------
.1 | sonata | router/services
.11 | sw-core| CORE
.11 | core-backup| backu CORE(NO PoE)
.15 | sw-floor0| floor0 interconnecting switch
.16 | sw-barier| switch barier
.21 | sw-voc-a| video team switch room A
.22 | sw-voc-b| video team switch room B
.23 | sw-voc-z| video team switch room Z
.24 | sw-gkc| GKC switch
.25 | sw-rec-ja| Reception switch
.26 | sw-team| switch for teamroom
.27 | sw-workshop| switch workshop Floor 0
.28 | sw-noc| NOC
.51 | ap-voc-a |
.52 | ap-ws-front |
.53 | ap-voc-b |
.54 | ap-lector-a |
.55 | ap-lector-b |
.56 | ap-ws-back |
.57 | ap-noc|
.58 | ap-ws0-left |
.59 | ap-ws0-right |
.60 | ap-voc-z|
### Video WORK IN PROGRESS
IP | Name | Notes
---|------|------
.1 | sonata |
### Overflow
IP | Name | Notes
---|------|------
.1 | sonata |
### Wired
IP | Name | Notes
---|------|------
.1 | sonata |
### Reception
IP | Name | Notes
---|------|------
.1 | sonata |
### VoIP
IP | Name | Notes
---|------|------
.1 | sonata |
.10 |phone-noc|
.11 |phone-voc-a|
.12 |phone-voc-b|
.13 |phone-voc-z|
.14 |phone-rec-ja|
.15 |phone-rec-z|
.16 |phone-team|

16
docs/notes.md Normal file
View File

@ -0,0 +1,16 @@
GKC ports
Uplink from barier
3th pair of T11. First or Second rack facing the door.
Downlink to JA
3th pair of "Форум". Rack next to uplink
JA port
Uplink to Fl0
3th pair of top ODF

BIN
docs/uplink_bariara.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 241 KiB

123
etc/dhcpd.conf Normal file
View File

@ -0,0 +1,123 @@
# dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
subnet 10.20.0.0 netmask 255.255.255.0 {
option routers 10.20.0.1;
option domain-name-servers 10.20.0.1;
option domain-name "openfest.org";
range 10.20.0.100 10.20.0.250;
default-lease-time 7200;
}
subnet 10.21.0.0 netmask 255.255.252.0 {
option routers 10.21.0.1;
option domain-name-servers 10.21.0.1;
option domain-name "net.openfest.org";
range 10.21.0.100 10.21.3.250;
default-lease-time 600;
}
subnet 10.22.0.0 netmask 255.255.252.0 {
option routers 10.22.0.1;
option domain-name-servers 10.22.0.1;
option domain-name "net.openfest.org";
range 10.22.0.2 10.22.3.240;
default-lease-time 600;
}
subnet 10.23.0.0 netmask 255.255.255.0 {
option routers 10.23.0.1;
option domain-name-servers 10.23.0.1;
option domain-name "video.openfest.org";
range 10.23.0.100 10.23.0.250;
default-lease-time 7200;
}
subnet 10.24.0.0 netmask 255.255.255.0 {
option routers 10.24.0.1;
option domain-name-servers 10.24.0.1;
option domain-name "overflow.openfest.org";
range 10.24.0.100 10.24.0.250;
default-lease-time 7200;
}
subnet 10.25.0.0 netmask 255.255.255.0 {
option routers 10.25.0.1;
option domain-name-servers 10.25.0.1;
option domain-name "reception.openfest.org";
range 10.25.0.100 10.25.0.250;
default-lease-time 7200;
}
subnet 10.26.0.0 netmask 255.255.255.0 {
option routers 10.26.0.1;
option domain-name-servers 10.26.0.1;
option domain-name "voice.openfest.org";
range 10.26.0.100 10.26.0.250;
default-lease-time 7200;
}
subnet 10.27.0.0 netmask 255.255.255.0 {
option routers 10.27.0.1;
option domain-name-servers 10.27.0.1;
option domain-name "ws.openfest.org";
range 10.27.0.100 10.27.0.250;
default-lease-time 7200;
}
subnet 10.22.4.0 netmask 255.255.252.0 {
option routers 10.22.4.1;
option domain-name-servers 10.22.4.1;
option domain-name "net.openfest.org";
range 10.22.4.2 10.22.7.240;
default-lease-time 600;
}
host phone-noc {
hardware ethernet 2c:86:d2:10:ce:2d;
fixed-address 10.26.0.10;
}
host phone-voc-a {
hardware ethernet 00:9a:d2:c7:38:ba;
fixed-address 10.26.0.11;
}
host phone-voc-b {
hardware ethernet e0:2f:6d:60:81:75;
fixed-address 10.26.0.12;
}
host phone-voc-z {
hardware ethernet 00:9a:d2:c7:38:e8;
fixed-address 10.26.0.13;
}
host phone-voc-rec-ja {
hardware ethernet 00:9a:d2:c7:38:c8;
fixed-address 10.26.0.14;
}
host phone-voc-rec-z {
hardware ethernet 00:9a:d2:c7:3a:57;
fixed-address 10.26.0.15;
}
host phone-voc-team {
hardware ethernet 00:0e:08:d2:ac:1b;
fixed-address 10.26.0.16;
}

48
etc/firewall Normal file
View File

@ -0,0 +1,48 @@
# Generated by iptables-save v1.8.9 (nf_tables) on Sat Nov 2 10:52:22 2024
*filter
:INPUT ACCEPT [25298:5332366]
:FORWARD ACCEPT [13306485:21895236661]
:OUTPUT ACCEPT [379222:49662999]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -s 10.26.0.0/16 -d 10.26.0.1/32 -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s 10.26.0.0/16 -d 10.26.0.1/32 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -s 10.20.0.0/16 -d 10.0.0.0/8 -j ACCEPT
-A INPUT -s 10.16.0.0/12 -d 10.0.0.0/8 -m comment --comment "Unknown traffic" -j LOG
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -s 10.21.0.0/16 -d 10.0.0.0/8 -j DROP
-A FORWARD -s 10.22.0.0/16 -d 10.0.0.0/8 -j DROP
-A FORWARD -s 10.26.0.0/16 -d 10.0.0.0/8 -j DROP
-A FORWARD -s 10.27.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.21.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.22.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.23.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.24.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.25.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.26.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -s 10.27.0.0/16 -d 10.0.0.0/8 -j DROP
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -j RETURN
COMMIT
# Completed on Sat Nov 2 10:52:22 2024
# Generated by iptables-save v1.8.9 (nf_tables) on Sat Nov 2 10:52:22 2024
*nat
:PREROUTING ACCEPT [62968:10626577]
:INPUT ACCEPT [17162:1392257]
:OUTPUT ACCEPT [35016:2739063]
:POSTROUTING ACCEPT [27488:2120027]
-A POSTROUTING -o eno2.207 -j MASQUERADE
-A POSTROUTING -o eno2.10 -j MASQUERADE
COMMIT
# Completed on Sat Nov 2 10:52:22 2024

43
etc/hosts Normal file
View File

@ -0,0 +1,43 @@
127.0.0.1 localhost
#local records
10.20.0.1 sonata
10.20.0.11 sw-core
10.20.0.12 core-backup
10.20.0.15 sw-floor0
10.20.0.16 sw-barier
10.20.0.21 sw-voc-a
10.20.0.22 sw-voc-b
10.20.0.23 sw-voc-z
10.20.0.24 sw-gkc
10.20.0.25 sw-rec-ja
10.20.0.26 sw-team
10.20.0.27 sw-workshop
10.20.0.28 sw-noc
10.20.0.51 ap-voc-a
10.20.0.52 ap-ws-front
10.20.0.53 ap-voc-b
10.20.0.54 ap-lector-a
10.20.0.55 ap-lector-b
10.20.0.56 ap-ws-back
10.20.0.57 ap-noc
10.20.0.58 ap-ws0-left
10.20.0.59 ap-ws0-right
10.20.0.60 ap-voc-z
10.26.0.10 phone-noc
10.26.0.11 phone-voc-a
10.26.0.12 phone-voc-b
10.26.0.13 phone-voc-z
10.26.0.14 phone-rec-ja
10.26.0.15 phone-rec-z
10.26.0.16 phone-team
10.23.0.1 sonata
10.24.0.1 sonata
10.25.0.1 sonata
10.26.0.1 sonata
10.27.0.1 sonata

307
etc/interfaces Normal file
View File

@ -0,0 +1,307 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eno1
allow-hotplug eno2
# A1 backup
auto eno2.10
iface eno2.10 inet dhcp
auto eno2.20
iface eno2.20 inet static
address 10.20.0.1/24
auto eno2.207
iface eno2.207 inet static
address @_ADDRESS_@/@_PREFIX_@
post-up /sbin/ip r add 1.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 2.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 3.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 4.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 5.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 6.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 7.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 8.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 9.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 11.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 12.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 13.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 14.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 15.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 16.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 17.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 18.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 19.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 20.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 21.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 22.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 23.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 24.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 25.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 26.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 27.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 28.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 29.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 30.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 31.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 32.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 33.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 34.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 35.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 36.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 37.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 38.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 39.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 40.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 41.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 42.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 43.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 44.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 45.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 46.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 47.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 48.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 49.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 50.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 51.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 52.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 53.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 54.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 55.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 56.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 57.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 58.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 59.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 60.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 61.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 62.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 63.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 64.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 65.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 66.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 67.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 68.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 69.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 70.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 71.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 72.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 73.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 74.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 75.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 76.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 77.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 78.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 79.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 80.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 81.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 82.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 83.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 84.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 85.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 86.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 87.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 88.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 89.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 90.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 91.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 92.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 93.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 94.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 95.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 96.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 97.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 98.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 99.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 100.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 101.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 102.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 103.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 104.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 105.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 106.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 107.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 108.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 109.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 110.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 111.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 112.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 113.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 114.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 115.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 116.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 117.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 118.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 119.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 120.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 121.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 122.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 123.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 124.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 125.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 126.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 127.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 128.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 129.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 130.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 131.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 132.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 133.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 134.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 135.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 136.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 137.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 138.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 139.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 140.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 141.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 142.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 143.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 144.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 145.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 146.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 147.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 148.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 149.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 150.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 151.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 152.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 153.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 154.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 155.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 156.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 157.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 158.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 159.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 160.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 161.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 162.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 163.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 164.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 165.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 166.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 167.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 168.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 169.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 170.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 171.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 172.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 173.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 174.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 175.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 176.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 177.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 178.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 179.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 180.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 181.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 182.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 183.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 184.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 185.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 186.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 187.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 188.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 189.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 190.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 191.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 192.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 193.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 194.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 195.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 196.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 197.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 198.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 199.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 200.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 201.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 202.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 203.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 204.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 205.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 206.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 207.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 208.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 209.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 210.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 211.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 212.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 213.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 214.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 215.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 216.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 217.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 218.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 219.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 220.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 221.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 222.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 223.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 224.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 225.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 226.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 227.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 228.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 229.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 230.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 231.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 232.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 233.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 234.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 235.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 236.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 237.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 238.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 239.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 240.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 241.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 242.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 243.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 244.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 245.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 246.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 247.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 248.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 249.0.0.0/8 via @_GATEWAY_@
post-up /sbin/ip r add 250.0.0.0/8 via @_GATEWAY_@
auto eno2.21
iface eno2.21 inet static
address 10.21.0.1/24
auto eno2.22
iface eno2.22 inet static
address 10.22.0.1/22
auto eno2.23
iface eno2.23 inet static
address 10.23.0.1/24
auto eno2.24
iface eno2.24 inet static
address 10.24.0.1/24
auto eno2.25
iface eno2.25 inet static
address 10.25.0.1/24
auto eno2.26
iface eno2.26 inet static
address 10.26.0.1/24
auto eno2.27
iface eno2.27 inet static
address 10.27.0.1/24
auto eno2.28
iface eno2.28 inet static
address 10.22.4.1/22

35
etc/unbound.conf Normal file
View File

@ -0,0 +1,35 @@
# Unbound configuration file for Debian.
#
# See the unbound.conf(5) man page.
#
# See /usr/share/doc/unbound/examples/unbound.conf for a commented
# reference config file.
#
# The following line includes additional configuration files from the
# /etc/unbound/unbound.conf.d directory.
server:
interface: 0.0.0.0 # Listen on all interfaces
access-control: 0.0.0.0/0 allow # Allow access from all networks
verbosity: 1 # Set verbosity for easier troubleshooting (optional)
# Enable caching
msg-cache-size: 50m # Message cache size (adjust as needed)
rrset-cache-size: 100m # Resource record set cache size (adjust as needed)
cache-max-ttl: 86400 # Max time-to-live for cache (1 day)
cache-min-ttl: 3600 # Min time-to-live for cache (1 hour)
# Timeout settings for faster fallback if cache/local records fail
infra-host-ttl: 60 # Cache infrastructure hosts for 1 minute
infra-lame-ttl: 600 # Cache lame delegations for 10 minutes
do-ip4: yes # Only use IPv4 if your ISP DNS does not support IPv6
do-ip6: no # Disable IPv6 if not needed
do-udp: yes # Enable UDP for DNS
do-tcp: yes # Enable TCP for DNS
forward-zone:
name: "." # Forward all other queries
forward-addr: 8.8.8.8 # Primary ISP DNS server
forward-addr: 1.1.1.1 # Secondary ISP DNS server
include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"

3
etc/wifi-provisioning/README.md Normal file
View File

@ -0,0 +1,3 @@
Configuration files for wifi provosioning
Should be in /etc/wifi-provisioning

82
etc/wifi-provisioning/config.json Normal file
View File

@ -0,0 +1,82 @@
{
"1": {
"name": "ap-voc-a",
"ip_addr": "10.20.0.51",
"wifi_channel_24": 13,
"wifi_channel_5": 128,
"power_24": 20,
"power_5": 22
},
"2": {
"name": "ap-ws-front",
"ip_addr": "10.20.0.52",
"wifi_channel_24": 1,
"wifi_channel_5": 116,
"power_24": 16,
"power_5": 19
},
"3": {
"name": "ap-voc-b",
"ip_addr": "10.20.0.53",
"wifi_channel_24": 1,
"wifi_channel_5": 108,
"power_24": 20,
"power_5": 21
},
"4": {
"name": "ap-lector-a",
"ip_addr": "10.20.0.54",
"wifi_channel_24": 5,
"wifi_channel_5": 64,
"power_24": 17,
"power_5": 22
},
"5": {
"name": "ap-lector-b",
"ip_addr": "10.20.0.55",
"wifi_channel_24": 9,
"wifi_channel_5": 120,
"power_24": 11,
"power_5": 14
},
"6": {
"name": "ap-ws-back",
"ip_addr": "10.20.0.56",
"wifi_channel_24": 9,
"wifi_channel_5": 100,
"power_24": 16,
"power_5": 8
},
"7": {
"name": "ap-noc",
"ip_addr": "10.20.0.57",
"wifi_channel_24": 6,
"wifi_channel_5": 132,
"power_24": 14,
"power_5": 7
},
"8": {
"name": "ap-ws0-left",
"ip_addr": "10.20.0.58",
"wifi_channel_24": 1,
"wifi_channel_5": 116,
"power_24": 15,
"power_5": 20
},
"9": {
"name": "ap-ws0-right",
"ip_addr": "10.20.0.59",
"wifi_channel_24": 11,
"wifi_channel_5": 100,
"power_24": 14,
"power_5": 13
},
"11": {
"name": "ap-voc-z",
"ip_addr": "10.20.0.60",
"wifi_channel_24": 8,
"wifi_channel_5": 132,
"power_24": 20,
"power_5": 22
}
}

1
etc/wifi-provisioning/devices.json Normal file
View File

@ -0,0 +1 @@
{"40:18:b1:24:72:c0":"AP121","40:18:b1:23:7a:c0":"AP121","40:18:b1:23:7b:40":"AP121","f0:9c:e9:aa:39:c0":"AP121","40:18:b1:f5:96:c0":"AP121","40:18:b1:05:8e:40":"AP121","40:18:b1:23:6d:00":"AP121","c4:12:f5:a7:d2:00":"DAP","c4:12:f5:a6:63:70":"DAP","9c:d6:43:2d:b8:e0":"DAP","9c:d6:43:27:5f:70":"DAP","9c:d6:43:2d:b9:30":"DAP","f0:9c:e9:aa:90:00":"AP121"}

12
etc/wifi-provisioning/mapping.json Normal file
View File

@ -0,0 +1,12 @@
{
"40:18:b1:24:72:c0": 1,
"40:18:b1:23:7a:c0": 2,
"40:18:b1:23:7b:40": 3,
"f0:9c:e9:aa:39:c0": 8,
"40:18:b1:23:6d:00": 9,
"40:18:b1:05:8e:40": 11,
"c4:12:f5:a7:d2:00": 4,
"c4:12:f5:a6:63:70": 5,
"9c:d6:43:2d:b8:e0": 6,
"9c:d6:43:27:5f:70": 7
}

21
etc/wifi-provisioning/templates/AP121_TEMPLATE Normal file
View File

@ -0,0 +1,21 @@
#!/bin/ash
uci set network.mngmnt.proto='static'
uci set network.mngmnt.ipaddr='{{ip_addr}}'
uci set network.mngmnt.netmask='255.255.255.0'
uci set network.mngmnt.gateway='10.20.0.1'
uci set system.@system[0].hostname='{{name}}' #validate A..Z a..z 0..9 _
uci set wireless.radio0.disabled='0'
uci set wireless.radio1.disabled='0'
uci set wireless.radio0.channel='{{wifi_channel_24}}' #validate {1..13}
uci set wireless.radio1.channel='{{wifi_channel_5}}' #validate {36..64}{100..140}{149..165} през 4
uci set wireless.radio0.txpower='{{power_24}}'
uci set wireless.radio1.txpower='{{power_5}}'
uci commit
/etc/init.d/system restart
/etc/init.d/network restart
/etc/init.d/wpad restart
/sbin/wifi reload
/sbin/wifi up

22
etc/wifi-provisioning/templates/DAP_TEMPLATE Normal file
View File

@ -0,0 +1,22 @@
#!/bin/ash
uci set network.lan.proto='static'
uci set network.lan.ipaddr='{{ip_addr}}'
uci set network.lan.netmask='255.255.255.0'
uci set network.lan.gateway='10.20.0.1'
uci set system.@system[0].hostname='{{name}}' #validate A..Z a..z 0..9 _
uci set wireless.radio0.disabled='0'
uci set wireless.radio1.disabled='0'
uci set wireless.radio0.channel='{{wifi_channel_5}}' #validate {36..64}{100..140}{149..165} през 4
uci set wireless.radio1.channel='{{wifi_channel_24}}' #validate {1..13}
uci set wireless.radio0.txpower='{{power_5}}'
uci set wireless.radio1.txpower='{{power_24}}'
uci commit
/etc/init.d/system restart
/etc/init.d/network restart
/etc/init.d/wpad restart
/sbin/wifi reload
/sbin/wifi up

BIN
monitoring/chek_mk.config.tar.gz Normal file
View File

Binary file not shown.

143
switch-configs/barrier.md Normal file
View File

@ -0,0 +1,143 @@
!TL-SG3210
#
vlan 20,207,666,999
#
vlan 20
name "of-mgmt"
#
vlan 207
name "ipact"
#
vlan 666
name "uplink/ipacct"
#
#
#
#
hostname "barrier"
#
mac address-table aging-time 300
#
logging buffer 6
no logging file flash
#
enable secret @_pass_@
#
system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
#
spanning-tree mode rstp
#
#
user name admin privilege admin secret 0 @_pass_@
user name root privilege admin secret 0 @_pass_@
#
#
#
#
#
#
snmp-server
snmp-server community "@_community_@" read-only "viewDefault"
#
interface gigabitEthernet 1/0/1
switchport access vlan 20
#
interface gigabitEthernet 1/0/2
switchport access vlan 207
#
interface gigabitEthernet 1/0/3
#
interface gigabitEthernet 1/0/4
#
interface gigabitEthernet 1/0/5
#
interface gigabitEthernet 1/0/6
#
interface gigabitEthernet 1/0/7
#
interface gigabitEthernet 1/0/8
#
interface gigabitEthernet 1/0/9
switchport mode trunk
switchport trunk allowed vlan 20,207,666,999
description "downlink/gkc"
speed 1000
duplex full
#
interface gigabitEthernet 1/0/10
switchport mode trunk
switchport trunk allowed vlan 20,207,666,999
description "uplink/ipacct"
speed 1000
duplex full
#
ip management-vlan 20
interface vlan 20
ip address 10.20.0.16 255.255.255.0 10.20.0.1
#
#
line vty 0 0
password @_pass_@
login
#
line vty 1 1
password @_pass_@
login
#
line vty 2 2
password @_pass_@
login
#
line vty 3 3
password @_pass_@
login
#
line vty 4 4
password @_pass_@
login
#
line vty 5 5
password @_pass_@
login
#
line vty 6 6
password @_pass_@
login
#
line vty 7 7
password @_pass_@
login
#
line vty 8 8
password @_pass_@
login
#
line vty 9 9
password @_pass_@
login
#
line vty 10 10
password @_pass_@
login
#
line vty 11 11
password @_pass_@
login
#
line vty 12 12
password @_pass_@
login
#
line vty 13 13
password @_pass_@
login
#
line vty 14 14
password @_pass_@
login
#
line vty 15 15
password @_pass_@
login
#
end

435
switch-configs/core-sw.md Normal file
View File

@ -0,0 +1,435 @@
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
service unsupported-transceiver
!
hostname core-sw
!
boot-start-marker
boot-end-marker
!
enable password @_pass_@
!
!
!
no aaa new-model
switch 1 provision ws-c3750e-48pd
system mtu routing 1500
ip routing
!
!
ip name-server 10.20.0.2
ip name-server 10.20.0.1
vtp mode off
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
no spanning-tree vlan 999
spanning-tree vlan 1,10,20-27 priority 0
!
!
vlan internal allocation policy ascending
!
vlan 10
name of-ext
!
vlan 20
name of-mgmt
!
vlan 21
name of-wired
!
vlan 22
name of-wifi
!
vlan 23
name of-video
!
vlan 24
name of-overflow
!
vlan 25
name of-reception
!
vlan 26
name of-phone
!
vlan 27
name of-workshop
!
vlan 207
name ipacct207
!
vlan 999
name ipacct
!
lldp run
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface GigabitEthernet1/0/1
description Debug
switchport access vlan 20
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
description Debug
switchport access vlan 20
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
switchport access vlan 21
switchport mode access
switchport nonegotiate
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/5
switchport access vlan 21
switchport mode access
switchport nonegotiate
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
switchport access vlan 24
switchport mode access
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/10
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/11
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/12
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/13
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/14
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/15
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/16
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/17
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/18
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/19
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/20
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/21
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/22
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/23
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/24
description switch
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/25
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/26
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/27
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/28
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/29
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/30
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/31
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/32
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/33
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/34
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/35
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/36
description AP
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
switchport access vlan 10
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/44
switchport access vlan 10
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/45
description server mirror
switchport access vlan 22
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-27,999
switchport mode access
switchport nonegotiate
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/46
description server
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-27,999
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/47
description server-IPMI
switchport access vlan 10
switchport mode access
switchport nonegotiate
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/48
description server
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20-28,207,999
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
description floor0-sw
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20-28,207,999
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/52
description uplink-gkc
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20-28,207,999
switchport mode trunk
no cdp enable
no lldp transmit
spanning-tree portfast trunk
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
interface TenGigabitEthernet1/0/1
description server
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
!
interface TenGigabitEthernet1/0/2
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 10.20.0.11 255.255.255.0
!
ip default-gateway 10.20.0.1
ip classless
!
no ip http server
no ip http secure-server
!
logging history informational
logging 10.20.0.1
!
snmp-server community @_community_@ RO
snmp-server enable traps license
!
!
line con 0
line vty 0 4
password @_pass_@
login
line vty 5 15
password @_pass_@
login
!
end

145
switch-configs/floor0.md Normal file
View File

@ -0,0 +1,145 @@
!TL-SG2210MP
#
vlan 20
name "managment"
#
vlan 21
name "wired"
#
vlan 22
name "wireless"
#
vlan 23
name "video"
#
vlan 24
name "overflow"
#
vlan 25
name "reception"
#
vlan 26
name "voice"
#
vlan 27
name "other"
#
vlan 28
name "wired2"
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
hostname "sw-floor0"
#
#
system-time ntp UTC+08:00 133.100.9.2 139.78.100.163 12 199.165.76.11 140.142.16.34 128.138.140.44
no system-time dst
#
#
#
user name admin privilege admin password 0 @_pass_@
enable password 0 @_pass_@
no service reset-disable
#
#
#
#
#
#
#
#
#
snmp-server
snmp-server community "@_community_@" read-only "viewDefault"
#
#
#
#
power inline consumption 150.0
#
#
#
#
loopback-detection
#
#
#
#
#
#
#
no controller cloud-based
no controller cloud-based privacy-policy
interface vlan 1
ip address-alloc dhcp
no ipv6 enable
#
interface vlan 20
ip address 10.20.0.15 255.255.255.0
no ipv6 enable
#
interface gigabitEthernet 1/0/1
switchport general allowed vlan 20,22,28 tagged
#
interface gigabitEthernet 1/0/2
switchport general allowed vlan 20,22,28 tagged
#
interface gigabitEthernet 1/0/3
switchport general allowed vlan 26 untagged
no switchport general allowed vlan 1
#
interface gigabitEthernet 1/0/4
switchport general allowed vlan 1,20,27 tagged
switchport pvid 20
#
interface gigabitEthernet 1/0/5
switchport general allowed vlan 1,24 tagged
#
interface gigabitEthernet 1/0/6
switchport general allowed vlan 1,20,22,28 tagged
#
interface gigabitEthernet 1/0/7
switchport general allowed vlan 1,20,22,28 tagged
#
interface gigabitEthernet 1/0/8
switchport general allowed vlan 20-28 tagged
switchport pvid 20
power inline supply disable
#
interface gigabitEthernet 1/0/9
switchport general allowed vlan 20-28 tagged
#
interface gigabitEthernet 1/0/10
switchport general allowed vlan 20-28 tagged
#
end

172
switch-configs/gkc.md Normal file
View File

@ -0,0 +1,172 @@
!TL-SG3210
#
vlan 20-28,207,666
#
vlan 20
name "of-mgmt"
#
vlan 21
name "of-wired"
#
vlan 22
name "of-wifi"
#
vlan 23
name "of-video"
#
vlan 24
name "of-overflow"
#
vlan 25
name "of-reception"
#
vlan 26
name "of-phone"
#
vlan 27
name "of-workshop"
#
vlan 28
name "wireless2"
#
vlan 207
name "ipact"
#
vlan 666
name "uplink/ipacct"
#
#
#
#
hostname "gkc"
contact-info ""
#
mac address-table aging-time 300
#
logging buffer 6
no logging file flash
logging host index 1 10.20.0.1 6
#
enable secret @_pass_@
#
system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
#
spanning-tree mode rstp
#
#
user name admin privilege admin secret 0 @_pass_@
user name root privilege admin secret 0 @_pass_@
#
#
#
#
#
#
snmp-server
snmp-server community "@_community_@" read-only "viewDefault"
#
interface gigabitEthernet 1/0/1
switchport access vlan 20
#
interface gigabitEthernet 1/0/2
#
interface gigabitEthernet 1/0/3
#
interface gigabitEthernet 1/0/4
#
interface gigabitEthernet 1/0/5
#
interface gigabitEthernet 1/0/6
#
interface gigabitEthernet 1/0/7
switchport access vlan 23
#
interface gigabitEthernet 1/0/8
switchport mode trunk
switchport trunk allowed vlan 20-28
description "downlink/voc-z"
#
interface gigabitEthernet 1/0/9
switchport mode trunk
switchport trunk allowed vlan 20-28,207,666
description "downlink/coresw"
speed 1000
duplex full
#
interface gigabitEthernet 1/0/10
switchport mode trunk
switchport trunk allowed vlan 20-28,207,666
description "uplink/barrier"
speed 1000
duplex full
#
ip management-vlan 20
interface vlan 20
ip address 10.20.0.24 255.255.255.0 10.20.0.1
#
#
line vty 0 0
password @_pass_@
login
#
line vty 1 1
password @_pass_@
login
#
line vty 2 2
password @_pass_@
login
#
line vty 3 3
password @_pass_@
login
#
line vty 4 4
password @_pass_@
login
#
line vty 5 5
password @_pass_@
login
#
line vty 6 6
password @_pass_@
login
#
line vty 7 7
password @_pass_@
login
#
line vty 8 8
password @_pass_@
login
#
line vty 9 9
password @_pass_@
login
#
line vty 10 10
password @_pass_@
login
#
line vty 11 11
password @_pass_@
login
#
line vty 12 12
password @_pass_@
login
#
line vty 13 13
password @_pass_@
login
#
line vty 14 14
password @_pass_@
login
#
line vty 15 15
password @_pass_@
login
#
end

166
switch-configs/noc.md Normal file
View File

@ -0,0 +1,166 @@
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname noc-sw
!
enable secret @_pass_@
!
no aaa new-model
ip subnet-zero
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
switchport access vlan 22
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 22
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 23
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 23
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 24
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 24
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 25
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 25
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 26
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 26
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/23
description "noc ap"
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20,22
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/24
description "uplink fl0"
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20-27
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
ip address 10.20.0.28 255.255.255.0
!
ip default-gateway 10.20.0.1
ip classless
no ip http server
no ip http secure-server
!
!
logging 10.20.0.1
snmp-server community @_community_@ RO
!
control-plane
!
!
line con 0
line vty 0 4
password @_pass_@
login
line vty 5 15
password @_pass_@
login
!
end

176
switch-configs/rec-ja.md Normal file
View File

@ -0,0 +1,176 @@
!TL-SG3210
#
vlan 20-27
#
vlan 20
name "of-mgmt"
#
vlan 21
name "of-wired"
#
vlan 22
name "of-wifi"
#
vlan 23
name "of-video"
#
vlan 24
name "of-overflow"
#
vlan 25
name "of-reception"
#
vlan 26
name "of-phone"
#
vlan 27
name "of-workshop"
#
#
#
#
hostname "reception-JA"
#
mac address-table aging-time 300
#
logging buffer 6
no logging file flash
logging host index 1 10.20.0.1 6
#
enable password @_pass_@
#
system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
#
spanning-tree mode rstp
#
#
#
#
#
#
#
#
snmp-server
snmp-server community @_community_@ read-only viewDefault
#
#
interface gigabitEthernet 1/0/1
switchport access vlan 26
#
interface gigabitEthernet 1/0/2
switchport access vlan 25
#
interface gigabitEthernet 1/0/3
switchport access vlan 25
#
interface gigabitEthernet 1/0/4
switchport access vlan 25
#
interface gigabitEthernet 1/0/5
switchport access vlan 25
#
interface gigabitEthernet 1/0/6
switchport access vlan 25
#
interface gigabitEthernet 1/0/7
switchport access vlan 25
#
interface gigabitEthernet 1/0/8
switchport mode trunk
switchport trunk allowed vlan 20-27
description "uplink/coresw"
#
interface gigabitEthernet 1/0/9
speed 1000
#
interface gigabitEthernet 1/0/10
speed 1000
#
ip management-vlan 20
interface vlan 20
ip address 10.20.0.25 255.255.255.0 10.20.0.1
#
line vty 0 0
password @_pass_@
login
#
line vty 1 1
password @_pass_@
login
#
line vty 2 2
password @_pass_@
login
#
line vty 3 3
password @_pass_@
login
#
line vty 4 4
password @_pass_@
login
#
line vty 5 5
password @_pass_@
login
#
line vty 6 6
password @_pass_@
login
#
line vty 7 7
password @_pass_@
login
#
line vty 8 8
password @_pass_@
login
#
line vty 9 9
password @_pass_@
login
#
line vty 10 10
password @_pass_@
login
#
line vty 11 11
password @_pass_@
login
#
line vty 12 12
password @_pass_@
login
#
line vty 13 13
password @_pass_@
login
#
line vty 14 14
password @_pass_@
login
#
line vty 15 15
password @_pass_@
login
#
end

167
switch-configs/team.md Normal file
View File

@ -0,0 +1,167 @@
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service unsupported-transceiver
!
hostname team-sw
!
boot-start-marker
boot-end-marker
!
enable password @_pass_@
!
no aaa new-model
system mtu routing 1500
!
!
ip name-server 10.20.0.1
cluster enable of 0
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
interface FastEthernet0/1
switchport access vlan 26
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 21
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 21
switchport mode access
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 20-27
switchport mode trunk
switchport nonegotiate
shutdown
!
interface GigabitEthernet0/2
switchport trunk allowed vlan 20-27
switchport mode trunk
switchport nonegotiate
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan20
ip address 10.20.0.26 255.255.255.0
no ip route-cache
!
ip default-gateway 10.20.0.1
no ip http server
no ip http secure-server
logging host 10.20.0.1 session-id hostname
snmp-server community @_community_@ RO
!
!
line con 0
line vty 0 4
password @_pass_@
login
line vty 5 15
password @_pass_@
login
!
end

161
switch-configs/voc-a.md Normal file
View File

@ -0,0 +1,161 @@
!TL-SG3210
#
vlan 20-27
#
vlan 20
name "of-mgmt"
#
vlan 21
name "of-wired"
#
vlan 22
name "of-wifi"
#
vlan 23
name "of-video"
#
vlan 24
name "of-overflow"
#
vlan 25
name "of-reception"
#
vlan 26
name "of-phone"
#
vlan 27
name "of-workshop"
#
#
#
#
hostname "vocsw-A"
#
mac address-table aging-time 300
#
logging buffer 6
no logging file flash
logging host index 1 10.20.0.1 6
#
enable secret @_pass_@
#
system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
#
spanning-tree mode rstp
#
#
user name admin privilege admin secret @_pass_@
user name root privilege admin secret @_pass_@
#
#
#
#
#
#
snmp-server
snmp-server community "@_community_@" read-only "viewDefault"
#
interface gigabitEthernet 1/0/1
switchport access vlan 26
#
interface gigabitEthernet 1/0/2
switchport access vlan 23
#
interface gigabitEthernet 1/0/3
switchport access vlan 23
#
interface gigabitEthernet 1/0/4
switchport access vlan 23
#
interface gigabitEthernet 1/0/5
switchport access vlan 23
#
interface gigabitEthernet 1/0/6
switchport access vlan 23
#
interface gigabitEthernet 1/0/7
switchport access vlan 23
#
interface gigabitEthernet 1/0/8
switchport mode trunk
switchport trunk allowed vlan 20-27
description "uplink/coresw"
#
interface gigabitEthernet 1/0/9
speed 1000
duplex full
#
interface gigabitEthernet 1/0/10
speed 1000
duplex full
#
ip management-vlan 20
interface vlan 20
ip address 10.20.0.21 255.255.255.0 10.20.0.1
#
#
line vty 0 0
password @_pass_@
login
#
line vty 1 1
password @_pass_@
login
#
line vty 2 2
password @_pass_@
login
#
line vty 3 3
password @_pass_@
login
#
line vty 4 4
password @_pass_@
login
#
line vty 5 5
password @_pass_@
login
#
line vty 6 6
password @_pass_@
login
#
line vty 7 7
password @_pass_@
login
#
line vty 8 8
password @_pass_@
login
#
line vty 9 9
password @_pass_@
login
#
line vty 10 10
password @_pass_@
login
#
line vty 11 11
password @_pass_@
login
#
line vty 12 12
password @_pass_@
login
#
line vty 13 13
password @_pass_@
login
#
line vty 14 14
password @_pass_@
login
#
line vty 15 15
password @_pass_@
login
#
end

163
switch-configs/voc-b.md Normal file
View File

@ -0,0 +1,163 @@
!TL-SG3210
#
vlan 20-27
#
vlan 20
name "of-mgmt"
#
vlan 21
name "of-wired"
#
vlan 22
name "of-wifi"
#
vlan 23
name "of-video"
#
vlan 24
name "of-overflow"
#
vlan 25
name "of-reception"
#
vlan 26
name "of-phone"
#
vlan 27
name "of-workshop"
#
#
#
#
hostname "vocsw-B"
#
mac address-table aging-time 300
#
logging buffer 6
no logging file flash
logging host index 1 10.20.0.1 6
#
enable secret @_pass_@
#
system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
#
spanning-tree mode rstp
#
#
user name admin privilege admin secret 0 @_pass_@
user name root privilege admin secret 0 @_pass_@
#
#
#
#
#
#
snmp-server
snmp-server community "@_community_@" read-only "viewDefault"
#
interface gigabitEthernet 1/0/1
switchport access vlan 26
#
interface gigabitEthernet 1/0/2
switchport access vlan 23
#
interface gigabitEthernet 1/0/3
switchport access vlan 23
#
interface gigabitEthernet 1/0/4
switchport access vlan 23
#
interface gigabitEthernet 1/0/5
switchport access vlan 23
#
interface gigabitEthernet 1/0/6
switchport access vlan 23
#
interface gigabitEthernet 1/0/7
switchport access vlan 23
#
interface gigabitEthernet 1/0/8
switchport mode trunk
switchport trunk allowed vlan 20-27
description "uplink/coresw"
#
interface gigabitEthernet 1/0/9
speed 1000
duplex full
#
interface gigabitEthernet 1/0/10
speed 1000
duplex full
#
ip management-vlan 20
interface vlan 20
ip address 10.20.0.22 255.255.255.0 10.20.0.1
#
#
line vty 0 0
password @_pass_@
login
#
line vty 1 1
password @_pass_@
login
#
line vty 2 2
password @_pass_@
login
#
line vty 3 3
password @_pass_@
login
#
line vty 4 4
password @_pass_@
login
#
line vty 5 5
password @_pass_@
login
#
line vty 6 6
password @_pass_@
login
#
line vty 7 7
password @_pass_@
login
#
line vty 8 8
password @_pass_@
login
#
line vty 9 9
password @_pass_@
login
#
line vty 10 10
password @_pass_@
login
#
line vty 11 11
password @_pass_@
login
#
line vty 12 12
password @_pass_@
login
#
line vty 13 13
password @_pass_@
login
#
line vty 14 14
password @_pass_@
login
#
line vty 15 15
password @_pass_@
login
#
end

162
switch-configs/voc-z.md Normal file
View File

@ -0,0 +1,162 @@
!TL-SG3210
#
vlan 20-27
#
vlan 20
name "of-mgmt"
#
vlan 21
name "of-wired"
#
vlan 22
name "of-wifi"
#
vlan 23
name "of-video"
#
vlan 24
name "of-overflow"
#
vlan 25
name "of-reception"
#
vlan 26
name "of-phone"
#
vlan 27
name "of-workshop"
#
#
#
#
hostname "vocsw-Z"
#
mac address-table aging-time 300
#
logging buffer 6
no logging file flash
logging host index 1 10.20.0.1 6
#
enable password @_pass_@
#
system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
#
spanning-tree mode rstp
#
#
user name root privilege admin secret @_pass_@
#
#
#
#
#
#
snmp-server
snmp-server community "@_community_@" read-only "viewDefault"
#
interface gigabitEthernet 1/0/1
switchport access vlan 26
#
interface gigabitEthernet 1/0/2
switchport access vlan 26
#
interface gigabitEthernet 1/0/3
switchport access vlan 23
#
interface gigabitEthernet 1/0/4
switchport access vlan 23
#
interface gigabitEthernet 1/0/5
switchport access vlan 23
#
interface gigabitEthernet 1/0/6
switchport mode trunk
switchport trunk allowed vlan 20,22
description "mgmt/radio"
#
interface gigabitEthernet 1/0/7
switchport access vlan 21
#
interface gigabitEthernet 1/0/8
switchport mode trunk
switchport trunk allowed vlan 20-27
description "uplink/gkc"
#
interface gigabitEthernet 1/0/9
speed 1000
duplex full
#
interface gigabitEthernet 1/0/10
speed 1000
duplex full
#
ip management-vlan 20
interface vlan 20
ip address 10.20.0.23 255.255.255.0 10.20.0.1
#
#
line vty 0 0
password @_pass_@
login
#
line vty 1 1
password @_pass_@
login
#
line vty 2 2
password @_pass_@
login
#
line vty 3 3
password @_pass_@
login
#
line vty 4 4
password @_pass_@
login
#
line vty 5 5
password @_pass_@
login
#
line vty 6 6
password @_pass_@
login
#
line vty 7 7
password @_pass_@
login
#
line vty 8 8
password @_pass_@
login
#
line vty 9 9
password @_pass_@
login
#
line vty 10 10
password @_pass_@
login
#
line vty 11 11
password @_pass_@
login
#
line vty 12 12
password @_pass_@
login
#
line vty 13 13
password @_pass_@
login
#
line vty 14 14
password @_pass_@
login
#
line vty 15 15
password @_pass_@
login
#
end

170
switch-configs/workshop.md Normal file
View File

@ -0,0 +1,170 @@
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname workshop-sw
!
enable secret @_pass_@
enable password @_pass_@
!
no aaa new-model
ip subnet-zero
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 27
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 24
switchport mode access
!
interface FastEthernet0/23
description "uplink"
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20-27
switchport mode trunk
switchport nonegotiate
shutdown
!
interface FastEthernet0/24
description "uplink fl0"
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 20-27
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
ip address 10.20.0.27 255.255.255.0
!
ip default-gateway 10.20.0.1
ip classless
no ip http server
no ip http secure-server
!
!
logging 10.20.0.1
snmp-server community @_community_@ RO
!
control-plane
!
!
line con 0
password @_pass_@
login
line vty 0 4
password @_pass_@
login
line vty 5 15
password @_pass_@
login
!
end

182
wifi-provisioning-serverside/Config.php Normal file
View File

@ -0,0 +1,182 @@
<?php
namespace Provision;
use Provision;
class Config
{
protected ?int $id;
protected ?string $name;
protected ?string $ip_addr;
protected ?int $wifi_channel_24;
protected ?int $wifi_channel_5;
protected ?int $power_24;
protected ?int $power_5;
public function __construct($id, $name = null, $ip_addr = null, $wifi_channel_24 = null, $wifi_channel_5 = null, $power_24 = null, $power_5 = null)
{
$this->id = $id;
$this->setName($name);
$this->setIpAddr($ip_addr);
$this->setWifiChannel24($wifi_channel_24);
$this->setWifiChannel5($wifi_channel_5);
$this->setPower24($power_24);
$this->setPower5($power_5);
}
public function build($type): false|string
{
$template = $this->detectTemplate($type);
$template = str_replace('{{name}}', $this->name, $template);
$template = str_replace('{{ip_addr}}', $this->ip_addr, $template);
$template = str_replace('{{wifi_channel_24}}', $this->wifi_channel_24, $template);
$template = str_replace('{{wifi_channel_5}}', $this->wifi_channel_5, $template);
$template = str_replace('{{power_24}}', $this->power_24, $template);
$template = str_replace('{{power_5}}', $this->power_5, $template);
return $template;
}
/**
* Set the configuration name
* @param string $name
*/
public function detectTemplate($type): false|string
{
//detect the template based on the device type
if ($type == 'DAP') {
return file_get_contents('/etc/wifi-provisioning/templates/DAP_TEMPLATE');
}
if ($type == 'AP121') {
return file_get_contents('/etc/wifi-provisioning/templates/AP121_TEMPLATE');
}
return false;
}
public function setName(string $name)
{
//null or regex [a-zA-Z0-9_-]
if (!is_null($name) && !preg_match('/^[a-zA-Z0-9_-]+$/', $name)) {
throw new \Exception('Invalid name');
}
$this->name = $name;
}
public function setIpAddr(string $ip_addr)
{
//null or single ip address
if (!is_null($ip_addr) && !filter_var($ip_addr, FILTER_VALIDATE_IP)) {
throw new \Exception('Invalid IP address');
}
$this->ip_addr = $ip_addr;
}
public function setWifiChannel24(int $wifi_channel_24)
{
$this->wifi_channel_24 = $wifi_channel_24;
}
public function setWifiChannel5(int $wifi_channel_5)
{
//validate wifi channel ranges {52..64}{100..140} step 4
if ($wifi_channel_5 < 52 || $wifi_channel_5 > 140 || ($wifi_channel_5 > 64 && $wifi_channel_5 < 100) || $wifi_channel_5 % 4 != 0) {
throw new \Exception('Invalid 5GHz wifi channel');
}
$this->wifi_channel_5 = $wifi_channel_5;
}
public function setPower24(int $power_24)
{
//validate power ranges {1..20}
if ($power_24 < 1 || $power_24 > 20) {
throw new \Exception('Invalid 2.4GHz power');
}
$this->power_24 = $power_24;
}
public function setPower5(int $power_5)
{
//validate power ranges {1..22}
if ($power_5 < 1 || $power_5 > 22) {
throw new \Exception('Invalid 5GHz power');
}
$this->power_5 = $power_5;
}
public function getId(): ?int
{
return $this->id;
}
public function getName(): ?string
{
return $this->name;
}
public function getIpAddr(): ?string
{
return $this->ip_addr;
}
public function getWifiChannel24(): ?int
{
return $this->wifi_channel_24;
}
public function getWifiChannel5(): ?int
{
return $this->wifi_channel_5;
}
public function getPower24(): ?int
{
return $this->power_24;
}
public function getPower5(): ?int
{
return $this->power_5;
}
public function load()
{
//load the configuration from the provision configurations file
$configs = file_get_contents(Provision::$CONFIG_FILE);
$configs = json_decode($configs, true);
if (isset($configs[$this->id])) {
$this->name = $configs[$this->id]['name'];
$this->ip_addr = $configs[$this->id]['ip_addr'];
$this->wifi_channel_24 = $configs[$this->id]['wifi_channel_24'];
$this->wifi_channel_5 = $configs[$this->id]['wifi_channel_5'];
}
}
public function save(): bool
{
//save the configuration to the provision configurations file
if (!file_exists(Provision::$CONFIG_FILE)) {
file_put_contents(Provision::$CONFIG_FILE, json_encode([]));
}
$configs = file_get_contents(Provision::$CONFIG_FILE);
$configs = json_decode($configs, true);
$configs[$this->id] = [
'name' => $this->name,
'ip_addr' => $this->ip_addr,
'wifi_channel_24' => $this->wifi_channel_24,
'wifi_channel_5' => $this->wifi_channel_5
];
if (!file_put_contents(Provision::$CONFIG_FILE, json_encode($configs))) {
return false;
}
return true;
}
}

91
wifi-provisioning-serverside/Device.php Normal file
View File

@ -0,0 +1,91 @@
<?php
namespace Provision;
use Provision;
class Device
{
public static $DEVICE_TYPES = ['DAP', 'AP121'];
protected ?string $mac;
protected ?string $type;
public function __construct($mac, $type = null)
{
//validate mac
if (!filter_var($mac, FILTER_VALIDATE_MAC)) {
throw new \Exception('Invalid MAC address');
}
$this->mac = $mac;
if ($type && !in_array($type, self::$DEVICE_TYPES)) {
throw new \Exception('Invalid device type. Possible values are: ' . implode(', ', self::$DEVICE_TYPES));
}
$this->type = $type ?? $this->getDeviceType();
syslog(LOG_INFO, "New device created with MAC: $mac and type: $type");
}
/**
* Save the device to the provision devices file
* @return bool
*/
public function save(): bool
{
//save the device to the provision devices file
if (!file_exists(Provision::$DEVICES_FILE)) {
file_put_contents(Provision::$DEVICES_FILE, json_encode([]));
}
$devices = file_get_contents(Provision::$DEVICES_FILE);
$devices = json_decode($devices, true);
$devices[$this->mac] = $this->type;
if (!file_put_contents(Provision::$DEVICES_FILE, json_encode($devices))) {
return false;
}
return true;
}
/**
* Check if the device exists in the provision devices file
* @return bool
*/
public function check(): bool
{
//check if the device exists in the provision devices file
$devices = file_get_contents(Provision::$DEVICES_FILE);
$devices = json_decode($devices, true);
return isset($devices[$this->mac]);
}
public function getDeviceType()
{
//get the device type from the provision devices file
$devices = file_get_contents(Provision::$DEVICES_FILE);
$devices = json_decode($devices, true);
if (isset($devices[$this->mac])) {
return $devices[$this->mac];
}
return null;
}
public function getMac(): ?string
{
return $this->mac;
}
public function getType(): ?string
{
return $this->type;
}
public function setMac($mac): void
{
$this->mac = $mac;
}
public function setType($type): void
{
$this->type = $type;
}
}

6
wifi-provisioning-serverside/Location.php Normal file
View File

@ -0,0 +1,6 @@
<?php
namespace Provision;
class Location
{
}

199
wifi-provisioning-serverside/Provision.php Normal file
View File

@ -0,0 +1,199 @@
<?php
use Provision\Config;
use Provision\Device;
require_once 'Config.php';
require_once 'Device.php';
/**
* Provision
*
* This class is responsible for provisioning WIFI devices.
* We can use this class to provision a device, based on MAC address and location ID.
*
* Once the parameters are passed, the class will provision the device and return the configuration.
*
* @package Provision
*/
class Provision
{
public static string $CONFIG_FILE = '/etc/wifi-provisioning/config.json';
public static string $DEVICES_FILE = '/etc/wifi-provisioning/devices.json';
protected static string $MAPPING_FILE = '/etc/wifi-provisioning/mapping.json';
protected static string $LOG_FILE = '/var/log/wifi-provisioning.log';
protected ?Config $config;
protected ?Device $device;
/**
* @throws Exception
*/
public function __construct(string $mac = NULL)
{
$this->device = $mac ? new Device($mac) : null;
$this->config = null;
}
public function provision(string $mac=NULL, int $location=null)
{
if ($mac) {
$this->device = new Device($mac);
}
if (!$this->device->check()) {
$this->log('Device with MAC: ' . $this->device->getMac() . ' does not exist');
return FALSE;
}
if ($location) {
$this->config = new Config($location);
}
try {
/** @var Config $configuration */
$configuration = $this->getConfiguration();
} catch (\Exception $e) {
$this->log('Failed to provision device with MAC: ' . $this->device->getMac() . ' - ' . $e->getMessage());
return false;
}
if (!$configuration) {
$this->log('Failed to provision device with MAC: ' . $this->device->getMac());
return false;
}
$this->log('Provisioned device with MAC: ' . $this->device->getMac());
return $configuration->build($this->device->getType());
}
/**
* @throws Exception
*/
public function updateMapping(string $mac, int $locationID): bool
{
try{
$device = new Device($mac);
} catch (\Exception $e) {
$this->log('Failed to update mapping for MAC: ' . $mac . ' - ' . $e->getMessage());
return FALSE;
}
if (!$device->check()) {
$this->log('Device with MAC: ' . $mac . ' does not exist');
return false;
}
$mappings = $this->getMappings();
$mappings[$mac] = $locationID;
if (!file_put_contents(self::$MAPPING_FILE, json_encode($mappings))) {
$this->log('Failed to update mapping for MAC: ' . $mac . ' and Config ID: ' . $locationID);
return false;
}
$this->log('Updated mapping for MAC: ' . $mac . ' and Config ID: ' . $locationID);
return true;
}
public function getMappings()
{
if (!file_exists(self::$MAPPING_FILE)) {
file_put_contents(self::$MAPPING_FILE, json_encode([]));
}
$mappings = file_get_contents(self::$MAPPING_FILE);
return json_decode($mappings, true);
}
public function getDevices()
{
if (!file_exists(self::$DEVICES_FILE)) {
file_put_contents(self::$DEVICES_FILE, json_encode([]));
}
$devices = file_get_contents(self::$DEVICES_FILE);
return json_decode($devices, true);
}
/**
* Get the configuration for the device
* @return array
*/
public function getConfig(): array
{
if (!file_exists(self::$CONFIG_FILE)) {
file_put_contents(self::$CONFIG_FILE, json_encode([]));
}
$config = file_get_contents(self::$CONFIG_FILE);
return json_decode($config, true);
}
/**
* Add a device to the provision devices file
* @return bool
*/
public function addDevice(string $mac, string $type): bool
{
try{
$device = new Device($mac, $type);
} catch (\Exception $e) {
$this->log('Failed to add device with MAC: ' . $mac . ' - ' . $e->getMessage());
return FALSE;
}
if ($device->check()) {
$this->log('Device with MAC: ' . $device->getMac() . ' already exists');
return FALSE;
}
if (!$device->save()) {
$this->log('Failed to add device with MAC: ' . $device->getMac());
return FALSE;
}
$this->log('Device with MAC: ' . $device->getMac() . ' added successfully');
return TRUE;
}
public function addConfig(int $id, string $name, string $ip_addr, int $wifi_channel_24, int $wifi_channel_5, int $power_24, int $power_5):
bool
{
try{
$config = new Config($id, $name, $ip_addr, $wifi_channel_24, $wifi_channel_5, $power_24, $power_5);
} catch (\Exception $e) {
$this->log('Failed to add configuration with ID: ' . $id . ' - ' . $e->getMessage());
return FALSE;
}
if (!$config->save()) {
$this->log('Failed to add configuration with ID: ' . $config->getId());
return FALSE;
}
$this->log('Configuration with ID: ' . $config->getId() . ' added successfully');
return TRUE;
}
private function log(string $message)
{
file_put_contents(self::$LOG_FILE, $message . PHP_EOL, FILE_APPEND);
syslog(LOG_DEBUG, $message);
if (php_sapi_name() === 'cli') {
echo $message . PHP_EOL;
}
}
private function getConfiguration(): ?Config
{
//detect configuration based on mac and location
$mappings = $this->getMappings();
$location = $mappings[$this->device->getMac()] ?? null;
if (!$location) {
$this->log('No mapping found for MAC: ' . $this->device->getMac());
return null;
}
$config = $this->getConfig();
$configuration = $config[$location] ?? null;
if (!$configuration) {
$this->log('No configuration found for location ID: ' . $location);
return null;
}
$this->log('Configuration found for MAC: ' . $this->device->getMac() . ' and location ID: ' . $location);
return new Config($location, $configuration['name'], $configuration['ip_addr'], $configuration['wifi_channel_24'], $configuration['wifi_channel_5'], $configuration['power_24'], $configuration['power_5']);
}
}

5
wifi-provisioning-serverside/README.md Normal file
View File

@ -0,0 +1,5 @@
PHP component of wifi provisionig.
Written by Atanas(DevHex)
Needs PHP capable web server.

22
wifi-provisioning-serverside/c.php Normal file
View File

@ -0,0 +1,22 @@
<?php
require_once 'Provision.php';
if (!isset($_POST['mac'])) {
echo json_encode(['error' => 'MAC address is required']);
exit;
}
if (!isset($_POST['location'])) {
echo json_encode(['error' => 'Config ID is required']);
exit;
}
try {
$provision = new Provision($_POST['mac']);
$provision->updateMapping($_POST['mac']??'', $_POST['location']??0);
echo json_encode(['success' => 'Device mapped successfully']);
} catch (Exception $e) {
echo json_encode(['error' => $e->getMessage()]);
exit;
}

105
wifi-provisioning-serverside/cli.php Executable file
View File

@ -0,0 +1,105 @@
#!/usr/bin/php
<?php
require_once 'Provision.php';
$provision = new Provision();
$res = readline_completion_function(function($input, $index) {
$commands = ['conf', 'dev', 'add-dev', 'add-conf', 'set', 'map', 'provision', 'exit', 'help', '?'];
return array_filter($commands, function($command) use ($input) {
return strpos($command, $input) === 0;
});
});
//make command line interface, that can list all locations, provision a device, update a device location, and delete a device
while (true) {
$choice = trim(readline("provision> "));
switch ($choice) {
case '':
break;
case 'conf':
$configs = $provision->getConfig();
echo '===== Configurations ====='.PHP_EOL;
foreach ($configs as $location => $conf) {
echo sprintf("Config ID: %2d, IP: %10s, CH2.4: %2d (PWR: %2d), CH5: %3d (PWR: %2d), Name: %s",
$location,
$conf['ip_addr'],
$conf['wifi_channel_24'],
$conf['power_24'],
$conf['wifi_channel_5'],
$conf['power_5'],
$conf['name']).PHP_EOL;
}
break;
case 'dev':
$devices = $provision->getDevices();
echo '===== Devices ====='.PHP_EOL;
foreach ($devices as $mac => $type) {
echo "MAC: $mac, Type: $type\n";
}
break;
case 'add-dev':
$mac = readline("Enter the MAC address: ");
$type = readline("Enter the device type: ");
$provision->addDevice($mac, $type);
break;
case 'add-conf':
$id = readline("Enter the configuration location (ID): ");
$name = readline("Enter the configuration name: ");
$ip_addr = readline("Enter the IP address: ");
$wifi_channel_24 = readline("Enter the 2.4GHz wifi channel: ");
$wifi_channel_5 = readline("Enter the 5GHz wifi channel: ");
$power_24 = readline("Enter the 2.4GHz power: ");
$power_5 = readline("Enter the 5GHz power: ");
$provision->addConfig((int) $id, $name, $ip_addr, (int) $wifi_channel_24, (int) $wifi_channel_5, (int) $power_24, (int) $power_5);
break;
case 'set':
$mac = readline("Enter the MAC address: ");
$location = readline("Enter the location ID: ");
$provision->updateMapping($mac, (int) $location);
break;
case 'map':
$mappings = $provision->getMappings();
echo '===== Mappings ====='.PHP_EOL;
foreach ($mappings as $mac => $location) {
echo "MAC: $mac, Location ID: $location\n";
}
break;
case 'provision':
$mac = readline("Enter the MAC address: ");
$location = readline("Enter the location ID (empty for autodetect): ");
if (empty($location)) {
$location = null;
}
$conf = $provision->provision($mac, $location);
if (empty($conf)) {
echo 'Failed to provision the device'.PHP_EOL;
break;
}
echo 'Paste the following configuration to the device:'.PHP_EOL;
echo '>>>>>>>>>'. PHP_EOL.PHP_EOL;
echo $conf;
echo PHP_EOL.'<<<<<<<<'.PHP_EOL;
break;
case '?':
case 'help':
echo '===== Commands ====='.PHP_EOL;
echo 'conf - List all locations'.PHP_EOL;
echo 'dev - List all devices'.PHP_EOL;
echo 'map - List all device locations'.PHP_EOL;
echo 'add-dev - Add a device'.PHP_EOL;
echo 'add-conf - Add a configuration'.PHP_EOL;
echo 'provision - Provision a device'.PHP_EOL;
echo 'set - Update a device location'.PHP_EOL;
echo 'exit - Exit the program'.PHP_EOL;
echo 'help / ? - Show this help'.PHP_EOL;
break;
case 'exit':
exit;
default:
echo 'Invalid command'.PHP_EOL;
}
}

2
wifi-provisioning-serverside/index.php Normal file
View File

@ -0,0 +1,2 @@
<?php
echo 'Hi!';

36
wifi-provisioning-serverside/p.php Normal file
View File

@ -0,0 +1,36 @@
<?php
require_once 'Provision.php';
syslog(LOG_INFO, file_get_contents('php://input'));
$data = json_decode(file_get_contents('php://input'));
syslog(LOG_INFO, 'request_from = ' . $_SERVER['REMOTE_ADDR']);
syslog(LOG_INFO, 'data = ' . print_r($data, true));
syslog(LOG_INFO, 'Provisioning request for MAC: ' . ($data->mac ?? 'n/a'));
if (empty($data->mac)) {
//return 404
http_response_code(404);
echo json_encode(['error' => 'MAC address is required']);
exit;
}
try {
$provision = new Provision($data->mac);
} catch (Exception $e) {
http_response_code(500);
echo json_encode(['error' => $e->getMessage()]);
exit;
}
$configuration = $provision->provision();
if (empty($configuration)) {
http_response_code(404);
echo json_encode(['error' => 'No configuration found']);
exit;
}
header('Content-Type: text/html');
syslog(LOG_INFO, 'Provisioned device with MAC: ' . $data->mac);
syslog(LOG_INFO, 'Configuration: ' . $configuration);
echo $configuration;