diff --git a/APs/DAP.prov.template.tar.gz b/APs/DAP.prov.template.tar.gz
new file mode 100644
index 0000000..d0e0fa3
Binary files /dev/null and b/APs/DAP.prov.template.tar.gz differ
diff --git a/APs/HIVE.prov.template.tar.gz b/APs/HIVE.prov.template.tar.gz
new file mode 100644
index 0000000..9eee831
Binary files /dev/null and b/APs/HIVE.prov.template.tar.gz differ
diff --git a/APs/README.md b/APs/README.md
new file mode 100644
index 0000000..5361d13
--- /dev/null
+++ b/APs/README.md
@@ -0,0 +1,7 @@
+Templates are not perfektly sunced.
+
+Bridges and interface names have differences.
+
+Same of custom files are not in templates for DAPs
+
+!!! Use as guideline, not as redy to run setup !!!
diff --git a/APs/etc/fw_mod.sh b/APs/etc/fw_mod.sh
new file mode 100755
index 0000000..3ac4970
--- /dev/null
+++ b/APs/etc/fw_mod.sh
@@ -0,0 +1,37 @@
+/usr/bin/logger "Start augmenting FW"
+
+if [ -z "$1" ]; then
+ sleep 1;
+else
+ sleep $1;
+fi
+
+INTERFACES="wifi.22"
+
+all_interfaces_up() {
+ for iface in $INTERFACES; do
+ if ! ip link show "$iface" > /dev/null 2>&1; then
+ return 1 # If any interface is missing, return failure
+ fi
+ done
+ return 0 # All interfaces are up
+}
+
+while ! all_interfaces_up; do
+ echo "Waiting for interfaces to appear: $INTERFACES"
+ sleep 1 # Wait 1 second before checking again
+done
+
+/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ip saddr == 10.22.0.1 drop
+/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ip saddr == 10.20.0.1 drop
+/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ip saddr != 10.22.0.0/21 drop
+/usr/sbin/nft insert rule inet fw4 forward iif wifi.22 ether saddr 3c:ec:ef:be:b9:7f drop
+
+/usr/sbin/nft add table bridge filter
+/usr/sbin/nft add chain bridge filter forward '{type filter hook forward priority 0; }'
+/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ether saddr 3c:ec:ef:be:b9:7f drop
+/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ip saddr == 10.22.0.1 drop
+/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ip saddr != 10.22.0.0/22 drop
+/usr/sbin/nft add rule bridge filter forward iif { phy0-ap0, phy1-ap0 } ip daddr == 10.22.0.0/22 drop
+
+/usr/bin/logger "Finish augmenting FW"
diff --git a/APs/etc/hotplug.d/iface/20-firewall b/APs/etc/hotplug.d/iface/20-firewall
new file mode 100644
index 0000000..153cfea
--- /dev/null
+++ b/APs/etc/hotplug.d/iface/20-firewall
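Review bot: The four `nft add rule bridge filter forward …` lines append a new copy of each rule on every run, and the hotplug script added in this commit starts fw_mod.sh on each qualifying ifup/ifupdate event, so the bridge chain accumulates duplicates for as long as the AP stays up. `fw4 reload` presumably only rebuilds `table inet fw4`, so nothing ever clears `bridge filter`; adding `/usr/sbin/nft flush chain bridge filter forward` directly after the `add chain` line makes the script idempotent. The file has no `#!/bin/sh` line although it is installed executable and run directly, and `sleep $1` should be `sleep "$1"`. The allowed source range is `10.22.0.0/21` in the fw4 rule but `10.22.0.0/22` in the bridge rule; a comment stating which mask is intended would settle whether that difference is deliberate.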
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+has_zone() {
+ fw4 -q network "$INTERFACE" >/dev/null && return 0
+ eval $(ubus call "network.interface.$INTERFACE" status | jsonfilter -e 'ZONE=@.data.zone')
+ fw4 -q zone "$ZONE" >/dev/null
+}
+
+[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
+[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
+
+/etc/init.d/firewall enabled || exit 0
+
+has_zone || exit 0
+
+logger -t firewall "Reloading firewall due to $ACTION of $INTERFACE ($DEVICE)"
+fw4 -q reload
+/etc/fw_mod.sh &
diff --git a/APs/etc/provisioning_daemon.sh b/APs/etc/provisioning_daemon.sh
new file mode 100755
index 0000000..120c388
--- /dev/null
+++ b/APs/etc/provisioning_daemon.sh
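Review bot: Starting `/etc/fw_mod.sh &` in the background after `fw4 -q reload` leaves a window in which the reloaded ruleset is live without the anti-spoofing drops, and that window has no upper bound because fw_mod.sh sleeps and then loops until `wifi.22` exists. Any reload that does not come through this hotplug path (for example a manual `fw4 reload`) also removes the extra `inet fw4` rules without restoring them. Loading the rules through the firewall's own include mechanism would apply them in the same step as the reload; failing that, a comment above the call should say `# custom drop rules are re-added asynchronously by fw_mod.sh; they are absent until it finishes`. Each event also spawns another background copy, so several can run at once.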
@@ -0,0 +1,65 @@
+#!/bin/ash
+
+device='wifi.20'
+url='http://10.20.0.1:34925/p.php'
+
+getProvis(){
+ curl -s $url -o /dev/null
+ logger -t provis_$mac "first curl exit code $?"
+ errorcode=$?
+ if [ $errorcode -eq 0 ]; then
+
+ status_code=$(curl -H 'Content-Type: application/json' -d '{"mac":"'$mac'"} ' -o /dev/null -v -w '%{http_code}' $url)
+ logger -t provis_$mac "Status code: $status_code"
+
+ if [ "$status_code" -eq 200 ]; then
+ curl -s -H 'Content-Type: application/json' -d '{"mac":"'$mac'"}' $url -o /tmp/tmpProv.sh
+ return 0
+ else
+ logger -t provis_$mac "Non-OK code returned during provisioning: $status_code"
+ return 1
+ fi
+ else
+ logger -t provis_$mac "Error connecting site. Curl error $errorcode "
+ return 1
+ fi
+}
+
+newProvis(){
+ logger -t provis_$mac "Check for new Provisioning"
+ if [ ! -e "/tmp/oldProv.sh" ]; then
+ touch "/tmp/oldProv.sh"
+ fi
+ oldMD5=$(md5sum /tmp/oldProv.sh | cut -d ' ' -f1)
+ newMD5=$(md5sum /tmp/tmpProv.sh | cut -d ' ' -f1)
+ if [ "$oldMD5" != "$newMD5" ]; then
+ logger -t provis_$mac "New Provisioning found"
+ return 0
+ else
+ logger -t provis_$mac "No new Provisioning"
+ return 1
+ fi
+}
+
+
+
+while true
+ do
+ mac=$(cat /sys/class/net/$device/address)
+ echo $mac
+ logger -t provis_$mac "Start provisioning cicle"
+ if getProvis; then
+ if newProvis; then
+ mv /tmp/tmpProv.sh /tmp/oldProv.sh
+ logger -t provis_$mac "Applying new provisioning data."
+ source /tmp/oldProv.sh
+ else
+ logger -t provis_$mac "No new provisioning data."
+ fi
+ else
+ logger -t provis_$mac "Didn't get provosioning data."
+ fi
+ #sleep 179
+ sleep 10
+ logger -t provis_$mac "End provisioning cicle. Sleeping ..."
+ done
diff --git a/APs/etc/wifi-sentinel.sh b/APs/etc/wifi-sentinel.sh
new file mode 100755
index 0000000..61ced01
--- /dev/null
+++ b/APs/etc/wifi-sentinel.sh
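Review bot: The main loop downloads a shell script over plain `http://` and executes it with `source /tmp/oldProv.sh` without any authenticity check, so whatever answers for 10.20.0.1 on the management VLAN decides what every AP runs; the MD5 comparison only detects change, it does not authenticate. In `getProvis`, `errorcode=$?` is read after the `logger` call and therefore holds logger's exit status rather than curl's, and the body is fetched by a third request whose HTTP status is never checked, so an error page can land in `/tmp/tmpProv.sh` and be sourced. A single request that checks both curl's exit code and the status, followed by a signature check against a key shipped in the AP image before the file is accepted, closes both gaps, and the transport should move to HTTPS with certificate verification. `$mac` and `$url` should be quoted, and `sleep 10` with `#sleep 179` above it looks like a debugging interval left in.

```sh
getProvis(){
    # One request: body goes to a scratch file and is kept only on curl success + HTTP 200.
    status_code=$(curl -sS -H 'Content-Type: application/json' \
        -d '{"mac":"'"$mac"'"}' -o /tmp/tmpProv.sh.new -w '%{http_code}' "$url")
    errorcode=$?    # read immediately, before any other command overwrites $?
    if [ "$errorcode" -ne 0 ] || [ "$status_code" != 200 ]; then
        logger -t "provis_$mac" "Provisioning fetch failed: curl exit $errorcode, HTTP $status_code"
        rm -f /tmp/tmpProv.sh.new
        return 1
    fi
    # Verify the detached signature of /tmp/tmpProv.sh.new here; rm the file and return 1 on failure.
    mv /tmp/tmpProv.sh.new /tmp/tmpProv.sh
}
```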
@@ -0,0 +1,47 @@
+#!/bin/ash
+
+# Configuration
+device="eth0.20"
+target_ip="8.8.8.8"
+interfaces="phy0-ap0 phy1-ap0"
+mac=$(cat /sys/class/net/$device/address)
+ip_address=$(ip -4 addr show "$device" | awk '/inet / {print $2}' | cut -d/ -f1)
+interval=59
+
+check_ping() {
+ logger -t wifi_sentinel_$mac_$ip_address "Pinging $target_ip"
+ ping -c 1 -W 3 "$target_ip" >/dev/null 2>&1
+ return $?
+}
+
+wifi_down() {
+ logger -t wifi_sentinel_$mac_$ip_address "No response from $target_ip, bringing WiFi interfaces down..."
+ for interface in $interfaces; do
+ ip link set "$interface" down
+ done
+}
+
+wifi_up() {
+ logger -t wifi_sentinel_$mac_$ip_address "Response from $target_ip detected, starting WiFi interfaces..."
+ for interface in $interfaces; do
+ ip link set "$interface" up
+ done
+}
+
+# Main loop
+wifi_is_down=0
+
+while true; do
+ if check_ping; then
+ if [ "$wifi_is_down" -eq 1 ]; then
+ wifi_up
+ wifi_is_down=0
+ fi
+ else
+ if [ "$wifi_is_down" -eq 0 ]; then
+ wifi_down
+ wifi_is_down=1
+ fi
+ fi
+ sleep "$interval"
+done
diff --git a/asterisk/README.md b/asterisk/README.md
new file mode 100644
index 0000000..48c81f3
--- /dev/null
+++ b/asterisk/README.md
@@ -0,0 +1,4 @@
+
+Install fresh asterisk /reuires pjsip, so 18+ (last used version during OpenFest 2024: v22.0.0)
+
+Copy all the .conf files from this folder into /etc/asterisk/
diff --git a/asterisk/extensions.conf b/asterisk/extensions.conf
new file mode 100644
index 0000000..7a056de
--- /dev/null
+++ b/asterisk/extensions.conf
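Review bot: In the three `logger -t wifi_sentinel_$mac_$ip_address` calls of wifi-sentinel.sh the shell reads `$mac_` as a variable named `mac_`, which is never set, so the MAC is missing from every syslog tag; write `logger -t "wifi_sentinel_${mac}_${ip_address}"`. `ip_address` is read once at start-up and stays empty if `eth0.20` has no address yet at that moment. A single lost ping to `8.8.8.8` takes both radios down for at least `interval` seconds, so requiring a few consecutive failures, and probing the local gateway as well, would avoid outages caused by one dropped packet or by that one external host being unreachable.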
@@ -0,0 +1,85 @@
+[trunk]
+exten => ,1,Progress()
+same = n,Answer()
+same = n,Goto(openfest,,1)
+
+[openfest]
+
+exten => ,1,Dial(PJSIP/NOC1&PJSIP/NOC2&PJSIP/REC1&PJSIP/REC2&PJSIP/TEAM)
+same => n,HangUp()
+
+exten = _0NX.,1,Dial(PJSIP/359${EXTEN:1}@atlas-out)
+same = n,HangUp()
+
+exten = _00359NX.,1,Dial(PJSIP/${EXTEN:2}@atlas-out)
+same = n,HangUp()
+
+exten = _3188X.,1,Dial(PJSIP/${EXTEN}@atlas-out)
+same = n,HangUp()
+
+exten = _359NX.,1,Dial(PJSIP/${EXTEN}@atlas-out)
+same = n,HangUp()
+
+exten = _+359NX.,1,Dial(PJSIP/${EXTEN:1}@@atlas-out)
+same = n,HangUp()
+
+;echo (test)
+exten = 666,1,Answer()
+same = n,Wait(1)
+same = n,Playback(hello-world)
+same = n,Echo()
+same = n,Hangup()
+
+;MEDIC
+exten => 150,1,Dial(PJSIP/@atlas-out)
+
+; NOC
+;exten = 303,1,Dial(PJSIP/noc1&PJSIP/noc2,600,m(of))
+exten = 303,1,Dial(PJSIP/NOC1&PJSIP/NOC2)
+exten = 3031,1,Dial(PJSIP/NOC1)
+exten = 3032,1,Dial(PJSIP/NOC2)
+
+;REC
+exten = 301,1,Dial(PJSIP/REC1)
+exten = 302,1,Dial(PJSIP/REC2)
+
+;Team
+exten = 304,1,Dial(PJSIP/TEAM)
+
+;Conf rooms
+exten = 1001,1,Dial(PJSIP/ROOM-A)
+exten = 1002,1,Dial(PJSIP/ROOM-B)
+exten = 1006,1,Dial(PJSIP/ROOM-Z)
+
+;Separated clients
+exten = 401,1,Dial(PJSIP/401)
+exten = 402,1,Dial(PJSIP/402)
+exten = 403,1,Dial(PJSIP/403)
+exten = 404,1,Dial(PJSIP/404)
+exten = 405,1,Dial(PJSIP/405)
+exten = 406,1,Dial(PJSIP/406)
+exten = 407,1,Dial(PJSIP/407)
+exten = 408,1,Dial(PJSIP/408)
+exten = 409,1,Dial(PJSIP/409)
+exten = 410,1,Dial(PJSIP/410)
+exten = 411,1,Dial(PJSIP/411)
+exten = 412,1,Dial(PJSIP/412)
+exten = 413,1,Dial(PJSIP/413)
+exten = 414,1,Dial(PJSIP/414)
+exten = 415,1,Dial(PJSIP/415)
+exten = 416,1,Dial(PJSIP/416)
+exten = 417,1,Dial(PJSIP/417)
+exten = 418,1,Dial(PJSIP/418)
+exten = 419,1,Dial(PJSIP/419)
+exten = 420,1,Dial(PJSIP/420)
+
+[HINTS]
+exten = 301,hint,PJSIP/REC1
+exten = 302,hint,PJSIP/REC2
+exten = 304,hint,PJSIP/TEAM
+exten = 1001,hint,PJSIP/ROOM-A
+exten = 1002,hint,PJSIP/ROOM-B
+exten = 1006,hint,PJSIP/ROOM-Z
+
+
+
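Review bot: The outbound patterns in `[openfest]` pass `${EXTEN}` straight into `Dial()`, and a pattern ending in `.` accepts whatever characters the SIP client sends, including `&` and `/`, so a registered phone can alter the dial string; Asterisk's dialplan guidance is to strip the value first, e.g. `exten = _0NX.,1,Dial(PJSIP/359${FILTER(0-9,${EXTEN:1})}@atlas-out)`, and likewise for the other four trunk patterns. The `_+359NX.` line has a doubled `@@` before `atlas-out`, which looks like a typo that breaks that route. Every endpoint with `context=openfest`, including the twenty 401–420 accounts, can reach the trunk; if those are meant to be internal-only they need a context without the `atlas-out` patterns. The empty `exten => ,1,...` entries and `Dial(PJSIP/@atlas-out)` look like redacted numbers and should carry a comment saying what has to be filled in.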
diff --git a/asterisk/logger.conf b/asterisk/logger.conf
new file mode 100644
index 0000000..2d694c7
--- /dev/null
+++ b/asterisk/logger.conf
@@ -0,0 +1,186 @@ +; +; Logging Configuration +; +; In this file, you configure logging to files or to +; the syslog system. +; +; "logger reload" at the CLI will reload configuration +; of the logging system. + +[general] +; +; Customize the display of debug message time stamps +; this example is the ISO 8601 date format (yyyy-mm-dd HH:MM:SS) +; +; see strftime(3) Linux manual for format specifiers. Note that there is also +; a fractional second parameter which may be used in this field. Use %1q +; for tenths, %2q for hundredths, etc. +; +;dateformat=%F %T ; ISO 8601 date format +;dateformat=%F %T.%3q ; with milliseconds +; +; +; This makes Asterisk write callids to log messages +; (defaults to yes) +;use_callids = no +; +; This appends the hostname to the name of the log files. +;appendhostname = yes +; +; This determines whether or not we log queue events to a file +; (defaults to yes). +;queue_log = no +; +; Determines whether the queue_log always goes to a file, even +; when a realtime backend is present (defaults to no). +;queue_log_to_file = yes +; +; Set the queue_log filename +; (defaults to queue_log) +;queue_log_name = queue_log +; +; When using realtime for the queue log, use GMT for the timestamp +; instead of localtime. The default of this option is 'no'. +;queue_log_realtime_use_gmt = yes +; +; Log rotation strategy: +; none: Do not perform any logrotation at all. You should make +; very sure to set up some external logrotate mechanism +; as the asterisk logs can get very large, very quickly. +; sequential: Rename archived logs in order, such that the newest +; has the highest sequence number [default]. When +; exec_after_rotate is set, ${filename} will specify +; the new archived logfile. +; rotate: Rotate all the old files, such that the oldest has the +; highest sequence number [this is the expected behavior +; for Unix administrators]. When exec_after_rotate is +; set, ${filename} will specify the original root filename. 
+; timestamp: Rename the logfiles using a timestamp instead of a +; sequence number when "logger rotate" is executed. +; When exec_after_rotate is set, ${filename} will +; specify the new archived logfile. +;rotatestrategy = rotate +; +; Run a system command after rotating the files. This is mainly +; useful for rotatestrategy=rotate. The example allows the last +; two archive files to remain uncompressed, but after that point, +; they are compressed on disk. +; +; exec_after_rotate=gzip -9 ${filename}.2 +; +; +; For each file, specify what to log. +; +; For console logging, you set options at start of +; Asterisk with -v for verbose and -d for debug +; See 'asterisk -h' for more information. +; +; Directory for log files is configures in asterisk.conf +; option astlogdir +; +; All log messages go to a queue serviced by a single thread +; which does all the IO. This setting controls how big that +; queue can get (and therefore how much memory is allocated) +; before new messages are discarded. +; The default is 1000 +;logger_queue_limit = 250 +; +; Any custom logging levels you may want to use, which can then +; be sent to logging channels. The maximum number of custom +; levels is 16, but not all of these may be available if modules +; in Asterisk define their own. +;custom_levels = foobar,important,compliance +; +[logfiles] +; +; Format is: +; +; logger_name => [formatter]levels +; +; The name of the logger dictates not only the name of the logging +; channel, but also its type. Valid types are: +; - 'console' - The root console of Asterisk +; - 'syslog' - Linux syslog, with facilities specified afterwards with +; a period delimiter, e.g., 'syslog.local0' +; - 'filename' - The name of the log file to create. This is the default +; for log channels. +; +; Filenames can either be relative to the standard Asterisk log directory +; (see 'astlogdir' in asterisk.conf), or absolute paths that begin with +; '/'. 
+; +; An optional formatter can be specified prior to the log levels sent +; to the log channel. The formatter is defined immediately preceeding the +; levels, and is enclosed in square brackets. Valid formatters are: +; - [default] - The default formatter, this outputs log messages using a +; human readable format. +; - [plain] - The plain formatter, this outputs log messages using a +; human readable format with the addition of function name +; and line number. No color escape codes are ever printed +; nor are verbose messages treated specially. +; - [json] - Log the output in JSON. Note that JSON formatted log entries, +; if specified for a logger type of 'console', will be formatted +; per the 'default' formatter for log messages of type VERBOSE. +; This is due to the remote consoles interpreting verbosity +; outside of the logging subsystem. +; +; Log levels include the following, and are specified in a comma delineated +; list: +; debug +; trace +; notice +; warning +; error +; verbose() +; dtmf +; fax +; security +; +; +; Verbose takes an optional argument, in the form of an integer level. The +; verbose level can be set per logfile. Verbose messages with higher levels +; will not be logged to the file. If the verbose level is not specified, it +; will log verbose messages following the current level of the root console. +; +; Debug has multiple levels like verbose. However, it is a system wide setting +; and cannot be specified per logfile. You specify the debug level elsewhere +; such as the CLI 'core set debug 3', starting Asterisk with '-ddd', or in +; asterisk.conf 'debug=3'. +; +; Special level name "*" means all levels, even dynamic levels registered +; by modules after the logger has been initialized (this means that loading +; and unloading modules that create/remove dynamic logger levels will result +; in these levels being included on filenames that have a level name of "*", +; without any need to perform a 'logger reload' or similar operation). 
+; Note that there is no value in specifying both "*" and specific level names +; for a filename; the "*" level means all levels. The only exception is if +; you need to specify a specific verbose level. e.g, "verbose(3),*". +; +; We highly recommend that you DO NOT turn on debug mode if you are simply +; running a production system. Debug mode turns on a LOT of extra messages, +; most of which you are unlikely to understand without an understanding of +; the underlying code. Do NOT report debug messages as code issues, unless +; you have a specific issue that you are attempting to debug. They are +; messages for just that -- debugging -- and do not rise to the level of +; something that merit your attention as an Asterisk administrator. Both +; debug and trace messages are also very verbose and can and do fill up +; logfiles quickly. This is another reason not to have debug or trace +; modes on a production system unless you are in the process of debugging +; a specific issue. +; +debug.log => error,warning,notice,verbose,debug +trace.log => trace +security.log => security +;console => notice,warning,error +console => notice,warning,error,verbose,debug +messages.log => notice,warning,error +;full.log => notice,warning,error,debug,verbose,dtmf,fax +; +full-json.log => [json]debug,verbose,notice,warning,error,dtmf,fax +; +;syslog keyword : This special keyword logs to syslog facility +; +;syslog.local0 => notice,warning,error +; +; A log level defined in 'custom_levels' above +;important.log = important diff --git a/asterisk/pjsip.conf b/asterisk/pjsip.conf new file mode 100644 index 0000000..0fe7381 --- /dev/null +++ b/asterisk/pjsip.conf 
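Review bot: The active `[logfiles]` lines at the end of logger.conf write `debug`, `trace`, `verbose` and `dtmf` to disk, which the comment block directly above them advises against on a production system, and `rotatestrategy` is left commented out. The `dtmf` level in `full-json.log` records the digits callers press, which can include PINs or access codes, so it should be dropped unless someone is actively debugging: `full-json.log => [json]verbose,notice,warning,error`. Keeping `security.log => security` is worthwhile; a short comment such as `; debug.log and trace.log: enable only while troubleshooting` above those two channels would record the intent.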
@@ -0,0 +1,387 @@ + ;===============TRANSPORT +[simpletrans] +type=transport +protocol=udp +bind=0.0.0.0 + +;===============ENDPOINT TEMPLATES + +[endpoint-basic](!) +type=endpoint +context=openfest +disallow=all +allow=alaw +subscribe_context=HINTS +allow_subscribe=yes + +[endpoint-trunk](!) +type=endpoint +context=trunk +disallow=all +allow=alaw + + +[auth-userpass](!) +type=auth +auth_type=userpass + +[aor-single-reg](!) +type=aor +max_contacts=1 + +;========== ATLAS OUT =============== +[atlas-out](endpoint-trunk) +type=endpoint +auth=authAtlas-Out +outbound_auth=authAtlas-Out +direct_media=no +aors=atlas-out + +[authAtlas-Out] +type=auth +auth_type=userpass +username= +password= + +[atlas-out] +type=aor +contact=sip::5060 +qualify_frequency=30 +qualify_timeout=5 + +[atlas-out] +type=registration +outbound_auth=authAtlas-Out +server_uri=sip: +client_uri=sip:@ + +[authAtlas-Out] +type=identify +endpoint=atlas-out +match= + +;===============EXTENSION NOC1 + +[NOC1](endpoint-basic) +auth=authNOC1 +aors=NOC1 + +[authNOC1](auth-userpass) +password= +username=NOC1 + +[NOC1](aor-single-reg) + +;===============EXTENSION NOC2 + +[NOC2](endpoint-basic) +auth=authNOC2 +aors=NOC2 + +[authNOC2](auth-userpass) +password= +username=NOC2 + +[NOC2](aor-single-reg) + +;===============EXTENSION REC1 + +[REC1](endpoint-basic) +auth=authREC1 +aors=REC1 + +[authREC1](auth-userpass) +password= +username=REC1 + +[REC1](aor-single-reg2 + +;===============EXTENSION REC2 + +[REC2](endpoint-basic) +auth=authREC2 +aors=REC2 + +[authREC2](auth-userpass) +password= +username=REC2 + +[REC2](aor-single-reg) + + +;===============EXTENSION ROOM-A + +[ROOM-A](endpoint-basic) +auth=authROOM-A +aors=ROOM-A + +[authROOM-A](auth-userpass) +password= +username=ROOM-A + +[ROOM-A](aor-single-reg) + +;===============EXTENSION ROOM-B + +[ROOM-B](endpoint-basic) +auth=authROOM-B +aors=ROOM-B + +[authROOM-B](auth-userpass) +password= +username=ROOM-B + +[ROOM-B](aor-single-reg) + +;===============EXTENSION 
ROOM-Z + +[ROOM-Z](endpoint-basic) +auth=authROOM-Z +aors=ROOM-Z + +[authROOM-Z](auth-userpass) +password= +username=ROOM-Z + +[ROOM-Z](aor-single-reg) + +;===============EXTENSION TEAM + +[TEAM](endpoint-basic) +auth=authTEAM +aors=TEAM + +[authTEAM](auth-userpass) +password= +username=TEAM + +[TEAM](aor-single-reg) + +; + + + + + + +;==============EXTENSION 401 +[401](endpoint-basic) +auth=auth401 +aors=401 + +[auth401](auth-userpass) +password= +username=401 + +[401](aor-single-reg) + +;==============EXTENSION 402 +[402](endpoint-basic) +auth=auth402 +aors=402 + +[auth402](auth-userpass) +password= +username=402 + +[402](aor-single-reg) + +;==============EXTENSION 403 +[403](endpoint-basic) +auth=auth403 +aors=403 + +[auth403](auth-userpass) +password= +username=403 + +[403](aor-single-reg) + +;==============EXTENSION 404 +[404](endpoint-basic) +auth=auth404 +aors=404 + +[auth404](auth-userpass) +password= +username=404 + +[404](aor-single-reg) + +;==============EXTENSION 405 +[405](endpoint-basic) +auth=auth405 +aors=405 + +[auth405](auth-userpass) +password= +username=405 + +[405](aor-single-reg) + +;==============EXTENSION 406 +[406](endpoint-basic) +auth=auth406 +aors=406 + +[auth406](auth-userpass) +password= +username=406 + +[406](aor-single-reg) + +;==============EXTENSION 407 +[407](endpoint-basic) +auth=auth407 +aors=407 + +[auth407](auth-userpass) +password= +username=407 + +[407](aor-single-reg) + +;==============EXTENSION 408 +[408](endpoint-basic) +auth=auth408 +aors=408 + +[auth408](auth-userpass) +password= +username=408 + +[408](aor-single-reg) + +;==============EXTENSION 409 +[409](endpoint-basic) +auth=auth409 +aors=409 + +[auth409](auth-userpass) +password= +username=409 + +[409](aor-single-reg) + +;==============EXTENSION 410 +[410](endpoint-basic) +auth=auth410 +aors=410 + +[auth410](auth-userpass) +password= +username=410 + +[410](aor-single-reg) + +;==============EXTENSION 411 +[411](endpoint-basic) +auth=auth411 +aors=411 + 
+[auth411](auth-userpass) +password= +username=411 + +[411](aor-single-reg) + +;==============EXTENSION 412 +[412](endpoint-basic) +auth=auth412 +aors=412 + +[auth412](auth-userpass) +password= +username=412 + +[412](aor-single-reg) + +;==============EXTENSION 413 +[413](endpoint-basic) +auth=auth413 +aors=413 + +[auth413](auth-userpass) +password= +username=413 + +[413](aor-single-reg) + +;==============EXTENSION 414 +[414](endpoint-basic) +auth=auth414 +aors=414 + +[auth414](auth-userpass) +password= +username=414 + +[414](aor-single-reg) + +;==============EXTENSION 415 +[415](endpoint-basic) +auth=auth415 +aors=415 + +[auth415](auth-userpass) +password= +username=415 + +[415](aor-single-reg) + +;==============EXTENSION 416 +[416](endpoint-basic) +auth=auth416 +aors=416 + +[auth416](auth-userpass) +password= +username=416 + +[416](aor-single-reg) + +;==============EXTENSION 417 +[417](endpoint-basic) +auth=auth417 +aors=417 + +[auth417](auth-userpass) +password= +username=417 + +[417](aor-single-reg) + +;==============EXTENSION 418 +[418](endpoint-basic) +auth=auth418 +aors=418 + +[auth418](auth-userpass) +password= +username=418 + +[418](aor-single-reg) + +;==============EXTENSION 419 +[419](endpoint-basic) +auth=auth419 +aors=419 + +[auth419](auth-userpass) +password= +username=419 + +[419](aor-single-reg) + +;==============EXTENSION 420 +[420](endpoint-basic) +auth=auth420 +aors=420 + +[auth420](auth-userpass) +password= +username=420 + +[420](aor-single-reg) + + diff --git a/docs/Downlink_JA.jpg b/docs/Downlink_JA.jpg new file mode 100644 index 0000000..f3294ec Binary files /dev/null and b/docs/Downlink_JA.jpg differ diff --git a/docs/downlink_fl0.jpg b/docs/downlink_fl0.jpg new file mode 100644 index 0000000..4e63868 Binary files /dev/null and b/docs/downlink_fl0.jpg differ diff --git a/docs/ip-assignments.md b/docs/ip-assignments.md new file mode 100644 index 0000000..1d9c7da --- /dev/null +++ b/docs/ip-assignments.md 
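Review bot: The section header `[REC1](aor-single-reg2` in pjsip.conf is missing its closing parenthesis and names a template that is not defined, so the REC1 AOR will presumably not load and that phone cannot register; it should read `[REC1](aor-single-reg)`. All `password=` values, and the `atlas-out` username, contact and server URI, are empty while the README in this commit says to copy the .conf files into `/etc/asterisk/`; a comment at the top such as `; every password= below MUST be set to a unique random value before loading` would keep an unfilled template from going live. `[simpletrans]` binds UDP on `0.0.0.0`, so SIP is offered on every interface of the host, uplinks included, and restricting it is left entirely to the packet filter.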
@@ -0,0 +1,76 @@
+# IP ranges assignments
+
+## VLANs
+ID | IP/Range | Name | Notes
+---|----------|------|---------
+10 | single ip | NAT-ed | Provided by A1
+20 | 10.20.0.0/24 | mgmt |
+21 | 10.21.0.0/22 | wired | wired clients
+22 | 10.22.0.0/22 | wireless | ap
+23 | 10.23.0.0/24 | video | video team
+24 | 10.24.0.0/24 | overflow | overflow TV's
+25 | 10.25.0.0/24 | reception | Reception related
+26 | 10.26.0.0/24 | VoIP | Phones
+27 | 10.27.0.0/24 | workshop | random ppl
+207| subnets | provided by IPAct
+
+## Assignments
+
+### MGMT
+IP | Name | Notes
+---|------|------
+.1 | sonata | router/services
+.11 | sw-core| CORE
+.11 | core-backup| backu CORE(NO PoE)
+.15 | sw-floor0| floor0 interconnecting switch
+.16 | sw-barier| switch barier
+.21 | sw-voc-a| video team switch room A
+.22 | sw-voc-b| video team switch room B
+.23 | sw-voc-z| video team switch room Z
+.24 | sw-gkc| GKC switch
+.25 | sw-rec-ja| Reception switch
+.26 | sw-team| switch for teamroom
+.27 | sw-workshop| switch workshop Floor 0
+.28 | sw-noc| NOC
+.51 | ap-voc-a |
+.52 | ap-ws-front |
+.53 | ap-voc-b |
+.54 | ap-lector-a |
+.55 | ap-lector-b |
+.56 | ap-ws-back |
+.57 | ap-noc|
+.58 | ap-ws0-left |
+.59 | ap-ws0-right |
+.60 | ap-voc-z|
+
+### Video WORK IN PROGRESS
+IP | Name | Notes
+---|------|------
+.1 | sonata |
+
+### Overflow
+IP | Name | Notes
+---|------|------
+.1 | sonata |
+
+### Wired
+IP | Name | Notes
+---|------|------
+.1 | sonata |
+
+### Reception
+IP | Name | Notes
+---|------|------
+.1 | sonata |
+
+### VoIP
+IP | Name | Notes
+---|------|------
+.1 | sonata |
+.10 |phone-noc|
+.11 |phone-voc-a|
+.12 |phone-voc-b|
+.13 |phone-voc-z|
+.14 |phone-rec-ja|
+.15 |phone-rec-z|
+.16 |phone-team|
diff --git a/docs/notes.md b/docs/notes.md
new file mode 100644
index 0000000..424bf25
--- /dev/null
+++ b/docs/notes.md
@@ -0,0 +1,16 @@
+GKC ports
+
+Uplink from barier
+
+3th pair of T11. First or Second rack facing the door.
+
+Downlink to JA
+
+3th pair of "Форум". Rack next to uplink
+
+
+JA port
+
+Uplink to Fl0
+
+3th pair of top ODF
diff --git a/docs/uplink_bariara.jpg b/docs/uplink_bariara.jpg
new file mode 100644
index 0000000..4470b55
Binary files /dev/null and b/docs/uplink_bariara.jpg differ
diff --git a/etc/dhcpd.conf b/etc/dhcpd.conf
new file mode 100644
index 0000000..595e967
--- /dev/null
+++ b/etc/dhcpd.conf
@@ -0,0 +1,123 @@ +# dhcpd.conf + +default-lease-time 600; +max-lease-time 7200; + +# The ddns-updates-style parameter controls whether or not the server will +# attempt to do a DNS update when a lease is confirmed. We default to the +# behavior of the version 2 packages ('none', since DHCP v2 didn't +# have support for DDNS.) +ddns-update-style none; + +# If this DHCP server is the official DHCP server for the local +# network, the authoritative directive should be uncommented. +authoritative; + +subnet 10.20.0.0 netmask 255.255.255.0 { + option routers 10.20.0.1; + option domain-name-servers 10.20.0.1; + option domain-name "openfest.org"; + range 10.20.0.100 10.20.0.250; + default-lease-time 7200; +} + +subnet 10.21.0.0 netmask 255.255.252.0 { + option routers 10.21.0.1; + option domain-name-servers 10.21.0.1; + option domain-name "net.openfest.org"; + range 10.21.0.100 10.21.3.250; + default-lease-time 600; +} + +subnet 10.22.0.0 netmask 255.255.252.0 { + option routers 10.22.0.1; + option domain-name-servers 10.22.0.1; + option domain-name "net.openfest.org"; + range 10.22.0.2 10.22.3.240; + default-lease-time 600; +} + +subnet 10.23.0.0 netmask 255.255.255.0 { + option routers 10.23.0.1; + option domain-name-servers 10.23.0.1; + option domain-name "video.openfest.org"; + range 10.23.0.100 10.23.0.250; + default-lease-time 7200; +} + +subnet 10.24.0.0 netmask 255.255.255.0 { + option routers 10.24.0.1; + option domain-name-servers 10.24.0.1; + option domain-name "overflow.openfest.org"; + range 10.24.0.100 10.24.0.250; + default-lease-time 7200; +} + +subnet 10.25.0.0 netmask 255.255.255.0 { + option routers 10.25.0.1; + option domain-name-servers 10.25.0.1; + option domain-name "reception.openfest.org"; + range 10.25.0.100 10.25.0.250; + default-lease-time 7200; +} + +subnet 10.26.0.0 netmask 255.255.255.0 { + option routers 10.26.0.1; + option domain-name-servers 10.26.0.1; + option domain-name "voice.openfest.org"; + range 10.26.0.100 10.26.0.250; + 
default-lease-time 7200; +} + +subnet 10.27.0.0 netmask 255.255.255.0 { + option routers 10.27.0.1; + option domain-name-servers 10.27.0.1; + option domain-name "ws.openfest.org"; + range 10.27.0.100 10.27.0.250; + default-lease-time 7200; +} + +subnet 10.22.4.0 netmask 255.255.252.0 { + option routers 10.22.4.1; + option domain-name-servers 10.22.4.1; + option domain-name "net.openfest.org"; + range 10.22.4.2 10.22.7.240; + default-lease-time 600; +} + + +host phone-noc { + hardware ethernet 2c:86:d2:10:ce:2d; + fixed-address 10.26.0.10; +} + +host phone-voc-a { + hardware ethernet 00:9a:d2:c7:38:ba; + fixed-address 10.26.0.11; +} + +host phone-voc-b { + hardware ethernet e0:2f:6d:60:81:75; + fixed-address 10.26.0.12; +} + +host phone-voc-z { + hardware ethernet 00:9a:d2:c7:38:e8; + fixed-address 10.26.0.13; +} + +host phone-voc-rec-ja { + hardware ethernet 00:9a:d2:c7:38:c8; + fixed-address 10.26.0.14; +} + +host phone-voc-rec-z { + hardware ethernet 00:9a:d2:c7:3a:57; + fixed-address 10.26.0.15; +} + +host phone-voc-team { + hardware ethernet 00:0e:08:d2:ac:1b; + fixed-address 10.26.0.16; +} + diff --git a/etc/firewall b/etc/firewall new file mode 100644 index 0000000..6dca231 --- /dev/null +++ b/etc/firewall 
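Review bot: The `10.20.0.0` management subnet in dhcpd.conf hands out dynamic leases (`range 10.20.0.100 10.20.0.250`) to any client, while the firewall file in this commit accepts everything from `10.20.0.0/16` and the APs fetch their provisioning from `10.20.0.1`, so a device that reaches VLAN 20 is addressed and trusted automatically. If the pool exists only for AP bootstrap, `deny unknown-clients;` together with `host` entries for the known MACs would narrow that. The last three `host` blocks are named `phone-voc-rec-ja`, `phone-voc-rec-z` and `phone-voc-team`, whereas `etc/hosts` and `docs/ip-assignments.md` call the same addresses `phone-rec-ja`, `phone-rec-z` and `phone-team`. The `10.22.4.0` subnet is declared here but does not appear in the VLAN table in the docs.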
@@ -0,0 +1,48 @@ +# Generated by iptables-save v1.8.9 (nf_tables) on Sat Nov 2 10:52:22 2024 +*filter +:INPUT ACCEPT [25298:5332366] +:FORWARD ACCEPT [13306485:21895236661] +:OUTPUT ACCEPT [379222:49662999] +:f2b-sshd - [0:0] +-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT +-A INPUT -p udp -m udp --dport 53 -j ACCEPT +-A INPUT -p tcp -m tcp --dport 67 -j ACCEPT +-A INPUT -p udp -m udp --dport 67 -j ACCEPT +-A INPUT -p udp -m udp --dport 123 -j ACCEPT +-A INPUT -s 10.26.0.0/16 -d 10.26.0.1/32 -p udp -m udp --dport 5060 -j ACCEPT +-A INPUT -s 10.26.0.0/16 -d 10.26.0.1/32 -p udp -m udp --dport 10000:20000 -j ACCEPT +-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT +-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT +-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT +-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT +-A INPUT -s 10.20.0.0/16 -d 10.0.0.0/8 -j ACCEPT +-A INPUT -s 10.16.0.0/12 -d 10.0.0.0/8 -m comment --comment "Unknown traffic" -j LOG +-A INPUT -i lo -j ACCEPT + +-A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 80,443 -j ACCEPT +-A FORWARD -s 10.21.0.0/16 -d 10.0.0.0/8 -j DROP +-A FORWARD -s 10.22.0.0/16 -d 10.0.0.0/8 -j DROP +-A FORWARD -s 10.26.0.0/16 -d 10.0.0.0/8 -j DROP +-A FORWARD -s 10.27.0.0/16 -d 10.0.0.0/8 -j DROP + +-A INPUT -s 10.21.0.0/16 -d 10.0.0.0/8 -j DROP +-A INPUT -s 10.22.0.0/16 -d 10.0.0.0/8 -j DROP +-A INPUT -s 10.23.0.0/16 -d 10.0.0.0/8 -j DROP +-A INPUT -s 10.24.0.0/16 -d 10.0.0.0/8 -j DROP +-A INPUT -s 10.25.0.0/16 -d 10.0.0.0/8 -j DROP +-A INPUT -s 10.26.0.0/16 -d 10.0.0.0/8 -j DROP +-A INPUT -s 10.27.0.0/16 -d 10.0.0.0/8 -j DROP +-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd +-A f2b-sshd -j RETURN +COMMIT +# Completed on Sat Nov 2 10:52:22 2024 +# Generated by iptables-save v1.8.9 (nf_tables) on Sat Nov 2 10:52:22 2024 +*nat +:PREROUTING ACCEPT [62968:10626577] +:INPUT ACCEPT [17162:1392257] +:OUTPUT ACCEPT [35016:2739063] +:POSTROUTING ACCEPT [27488:2120027] +-A POSTROUTING -o eno2.207 -j MASQUERADE +-A POSTROUTING -o 
eno2.10 -j MASQUERADE +COMMIT +# Completed on Sat Nov 2 10:52:22 2024 diff --git a/etc/hosts b/etc/hosts new file mode 100644 index 0000000..85dd152 --- /dev/null +++ b/etc/hosts @@ -0,0 +1,43 @@ +127.0.0.1 localhost + +#local records + +10.20.0.1 sonata +10.20.0.11 sw-core +10.20.0.12 core-backup +10.20.0.15 sw-floor0 +10.20.0.16 sw-barier +10.20.0.21 sw-voc-a +10.20.0.22 sw-voc-b +10.20.0.23 sw-voc-z +10.20.0.24 sw-gkc +10.20.0.25 sw-rec-ja +10.20.0.26 sw-team +10.20.0.27 sw-workshop +10.20.0.28 sw-noc + +10.20.0.51 ap-voc-a +10.20.0.52 ap-ws-front +10.20.0.53 ap-voc-b +10.20.0.54 ap-lector-a +10.20.0.55 ap-lector-b +10.20.0.56 ap-ws-back +10.20.0.57 ap-noc +10.20.0.58 ap-ws0-left +10.20.0.59 ap-ws0-right +10.20.0.60 ap-voc-z + +10.26.0.10 phone-noc +10.26.0.11 phone-voc-a +10.26.0.12 phone-voc-b +10.26.0.13 phone-voc-z +10.26.0.14 phone-rec-ja +10.26.0.15 phone-rec-z +10.26.0.16 phone-team + +10.23.0.1 sonata +10.24.0.1 sonata +10.25.0.1 sonata +10.26.0.1 sonata +10.27.0.1 sonata + diff --git a/etc/interfaces b/etc/interfaces new file mode 100644 index 0000000..ab8a9cf --- /dev/null +++ b/etc/interfaces 
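Review bot: The `*filter` table in etc/firewall keeps `:INPUT ACCEPT` and `:FORWARD ACCEPT` and only drops selected `10.x` sources, so traffic arriving on the uplinks (`eno2.10`, `eno2.207`) from any non-10/8 address reaches every listening service on the router, and the `--dport 5060` and `10000:20000` ACCEPT rules scoped to `10.26.0.0/16` restrict nothing. A default-deny input chain fixes this with `:INPUT DROP [0:0]` and `-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` placed first; the existing ACCEPT rules then become the allow-list, and SSH needs an explicit ACCEPT after `f2b-sshd` returns. The `LOG` rule for `10.16.0.0/12` has no rate limit and matches all client traffic addressed to the router. The per-VLAN rules use `/16` masks where the subnets are `/24` or `/22`, which works but hides the intent.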
@@ -0,0 +1,307 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +source /etc/network/interfaces.d/* + +# The loopback network interface +auto lo +iface lo inet loopback + +# The primary network interface +allow-hotplug eno1 + +allow-hotplug eno2 + +# A1 backup +auto eno2.10 +iface eno2.10 inet dhcp + +auto eno2.20 +iface eno2.20 inet static + address 10.20.0.1/24 + +auto eno2.207 +iface eno2.207 inet static + address @_ADDRESS_@/@_PREFIX_@ + post-up /sbin/ip r add 1.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 2.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 3.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 4.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 5.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 6.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 7.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 8.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 9.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 11.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 12.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 13.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 14.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 15.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 16.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 17.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 18.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 19.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 20.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 21.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 22.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 23.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 24.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 25.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 26.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 27.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 28.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 29.0.0.0/8 via @_GATEWAY_@ + post-up 
/sbin/ip r add 30.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 31.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 32.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 33.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 34.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 35.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 36.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 37.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 38.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 39.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 40.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 41.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 42.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 43.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 44.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 45.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 46.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 47.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 48.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 49.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 50.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 51.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 52.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 53.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 54.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 55.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 56.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 57.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 58.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 59.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 60.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 61.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 62.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 63.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 64.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 65.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 66.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 67.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 
68.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 69.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 70.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 71.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 72.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 73.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 74.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 75.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 76.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 77.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 78.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 79.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 80.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 81.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 82.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 83.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 84.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 85.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 86.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 87.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 88.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 89.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 90.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 91.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 92.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 93.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 94.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 95.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 96.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 97.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 98.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 99.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 100.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 101.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 102.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 103.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 104.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 105.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 106.0.0.0/8 via 
@_GATEWAY_@ + post-up /sbin/ip r add 107.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 108.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 109.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 110.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 111.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 112.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 113.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 114.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 115.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 116.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 117.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 118.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 119.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 120.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 121.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 122.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 123.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 124.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 125.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 126.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 127.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 128.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 129.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 130.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 131.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 132.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 133.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 134.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 135.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 136.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 137.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 138.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 139.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 140.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 141.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 142.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 143.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 
144.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 145.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 146.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 147.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 148.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 149.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 150.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 151.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 152.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 153.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 154.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 155.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 156.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 157.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 158.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 159.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 160.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 161.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 162.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 163.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 164.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 165.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 166.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 167.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 168.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 169.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 170.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 171.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 172.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 173.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 174.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 175.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 176.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 177.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 178.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 179.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 180.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 181.0.0.0/8 via @_GATEWAY_@ + post-up 
/sbin/ip r add 182.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 183.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 184.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 185.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 186.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 187.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 188.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 189.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 190.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 191.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 192.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 193.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 194.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 195.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 196.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 197.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 198.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 199.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 200.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 201.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 202.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 203.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 204.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 205.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 206.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 207.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 208.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 209.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 210.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 211.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 212.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 213.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 214.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 215.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 216.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 217.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 218.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 219.0.0.0/8 via 
@_GATEWAY_@ + post-up /sbin/ip r add 220.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 221.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 222.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 223.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 224.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 225.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 226.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 227.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 228.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 229.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 230.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 231.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 232.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 233.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 234.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 235.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 236.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 237.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 238.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 239.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 240.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 241.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 242.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 243.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 244.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 245.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 246.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 247.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 248.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 249.0.0.0/8 via @_GATEWAY_@ + post-up /sbin/ip r add 250.0.0.0/8 via @_GATEWAY_@ + +auto eno2.21 +iface eno2.21 inet static + address 10.21.0.1/24 + +auto eno2.22 +iface eno2.22 inet static + address 10.22.0.1/22 + +auto eno2.23 +iface eno2.23 inet static + address 10.23.0.1/24 + +auto eno2.24 +iface eno2.24 inet static + address 10.24.0.1/24 + +auto eno2.25 +iface eno2.25 inet static + address 10.25.0.1/24 + +auto 
eno2.26 +iface eno2.26 inet static + address 10.26.0.1/24 + +auto eno2.27 +iface eno2.27 inet static + address 10.27.0.1/24 + +auto eno2.28 +iface eno2.28 inet static + address 10.22.4.1/22 + diff --git a/etc/unbound.conf b/etc/unbound.conf new file mode 100644 index 0000000..159ae79 --- /dev/null +++ b/etc/unbound.conf @@ -0,0 +1,35 @@ +# Unbound configuration file for Debian. +# +# See the unbound.conf(5) man page. +# +# See /usr/share/doc/unbound/examples/unbound.conf for a commented +# reference config file. +# +# The following line includes additional configuration files from the +# /etc/unbound/unbound.conf.d directory. + +server: + interface: 0.0.0.0 # Listen on all interfaces + access-control: 0.0.0.0/0 allow # Allow access from all networks + verbosity: 1 # Set verbosity for easier troubleshooting (optional) + + # Enable caching + msg-cache-size: 50m # Message cache size (adjust as needed) + rrset-cache-size: 100m # Resource record set cache size (adjust as needed) + cache-max-ttl: 86400 # Max time-to-live for cache (1 day) + cache-min-ttl: 3600 # Min time-to-live for cache (1 hour) + + # Timeout settings for faster fallback if cache/local records fail + infra-host-ttl: 60 # Cache infrastructure hosts for 1 minute + infra-lame-ttl: 600 # Cache lame delegations for 10 minutes + do-ip4: yes # Only use IPv4 if your ISP DNS does not support IPv6 + do-ip6: no # Disable IPv6 if not needed + do-udp: yes # Enable UDP for DNS + do-tcp: yes # Enable TCP for DNS + +forward-zone: + name: "." # Forward all other queries + forward-addr: 8.8.8.8 # Primary ISP DNS server + forward-addr: 1.1.1.1 # Secondary ISP DNS server + +include-toplevel: "/etc/unbound/unbound.conf.d/*.conf" diff --git a/etc/wifi-provisioning/README.md b/etc/wifi-provisioning/README.md new file mode 100644 index 0000000..cb8a316 --- /dev/null +++ b/etc/wifi-provisioning/README.md @@ -0,0 +1,3 @@ +Configuration files for wifi provosioning + +Should be in /etc/wifi-provisioning 
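Review bot: The `post-up /sbin/ip r add N.0.0.0/8 via @_GATEWAY_@` list on `eno2.207` enumerates every /8 from 1 to 250 except 10, which sweeps in `127.0.0.0/8` and the multicast and reserved space from `224.0.0.0/8` upward, and nothing in the file says why a default route is not used. As far as I know ifupdown aborts at the first `post-up` command that exits non-zero, so a single rejected route would leave all later ones uninstalled without an obvious error. If the intent is "everything except 10/8 goes to this gateway while the DHCP uplink on `eno2.10` keeps the default", a comment such as `# route all non-10/8 space via the ipacct uplink; default stays on eno2.10` plus a short list of covering prefixes (`0.0.0.0/5`, `8.0.0.0/7`, `11.0.0.0/8`, `12.0.0.0/6`, `16.0.0.0/4`, ...) would be far easier to audit than 249 lines. `eno2.28` is addressed `10.22.4.1/22` while the README-level naming elsewhere in the commit treats VLAN 22 as the wifi range, so a one-line comment on what VLAN 28 carries would help as well.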
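Review bot: `interface: 0.0.0.0` combined with `access-control: 0.0.0.0/0 allow` makes this a recursive resolver for any client that can reach port 53, and the iptables rules in the same commit accept port 53 with no source match, so recursion is offered on the uplink side too. Restricting it to the internal ranges closes that: `access-control: 0.0.0.0/0 refuse`, then `access-control: 10.0.0.0/8 allow` and `access-control: 127.0.0.0/8 allow`. The trailing comments on `forward-addr: 8.8.8.8` and `forward-addr: 1.1.1.1` describe them as ISP servers, which they are not, and `cache-min-ttl: 3600` overrides shorter TTLs chosen by zone owners; both comments should state what the setting really does.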
diff --git a/etc/wifi-provisioning/config.json b/etc/wifi-provisioning/config.json
new file mode 100644
index 0000000..eab9954
--- /dev/null
+++ b/etc/wifi-provisioning/config.json
@@ -0,0 +1,82 @@
+{
+ "1": {
+ "name": "ap-voc-a",
+ "ip_addr": "10.20.0.51",
+ "wifi_channel_24": 13,
+ "wifi_channel_5": 128,
+ "power_24": 20,
+ "power_5": 22
+ },
+ "2": {
+ "name": "ap-ws-front",
+ "ip_addr": "10.20.0.52",
+ "wifi_channel_24": 1,
+ "wifi_channel_5": 116,
+ "power_24": 16,
+ "power_5": 19
+ },
+ "3": {
+ "name": "ap-voc-b",
+ "ip_addr": "10.20.0.53",
+ "wifi_channel_24": 1,
+ "wifi_channel_5": 108,
+ "power_24": 20,
+ "power_5": 21
+ },
+ "4": {
+ "name": "ap-lector-a",
+ "ip_addr": "10.20.0.54",
+ "wifi_channel_24": 5,
+ "wifi_channel_5": 64,
+ "power_24": 17,
+ "power_5": 22
+ },
+ "5": {
+ "name": "ap-lector-b",
+ "ip_addr": "10.20.0.55",
+ "wifi_channel_24": 9,
+ "wifi_channel_5": 120,
+ "power_24": 11,
+ "power_5": 14
+ },
+ "6": {
+ "name": "ap-ws-back",
+ "ip_addr": "10.20.0.56",
+ "wifi_channel_24": 9,
+ "wifi_channel_5": 100,
+ "power_24": 16,
+ "power_5": 8
+ },
+ "7": {
+ "name": "ap-noc",
+ "ip_addr": "10.20.0.57",
+ "wifi_channel_24": 6,
+ "wifi_channel_5": 132,
+ "power_24": 14,
+ "power_5": 7
+ },
+ "8": {
+ "name": "ap-ws0-left",
+ "ip_addr": "10.20.0.58",
+ "wifi_channel_24": 1,
+ "wifi_channel_5": 116,
+ "power_24": 15,
+ "power_5": 20
+ },
+ "9": {
+ "name": "ap-ws0-right",
+ "ip_addr": "10.20.0.59",
+ "wifi_channel_24": 11,
+ "wifi_channel_5": 100,
+ "power_24": 14,
+ "power_5": 13
+ },
+ "11": {
+ "name": "ap-voc-z",
+ "ip_addr": "10.20.0.60",
+ "wifi_channel_24": 8,
+ "wifi_channel_5": 132,
+ "power_24": 20,
+ "power_5": 22
+ }
+}
diff --git a/etc/wifi-provisioning/devices.json b/etc/wifi-provisioning/devices.json
new file mode 100644
index 0000000..7077790
--- /dev/null
+++ b/etc/wifi-provisioning/devices.json
@@ -0,0 +1 @@
+{"40:18:b1:24:72:c0":"AP121","40:18:b1:23:7a:c0":"AP121","40:18:b1:23:7b:40":"AP121","f0:9c:e9:aa:39:c0":"AP121","40:18:b1:f5:96:c0":"AP121","40:18:b1:05:8e:40":"AP121","40:18:b1:23:6d:00":"AP121","c4:12:f5:a7:d2:00":"DAP","c4:12:f5:a6:63:70":"DAP","9c:d6:43:2d:b8:e0":"DAP","9c:d6:43:27:5f:70":"DAP","9c:d6:43:2d:b9:30":"DAP","f0:9c:e9:aa:90:00":"AP121"}
\ No newline at end of file
diff --git a/etc/wifi-provisioning/mapping.json b/etc/wifi-provisioning/mapping.json
new file mode 100644
index 0000000..a9d1cb1
--- /dev/null
+++ b/etc/wifi-provisioning/mapping.json
@@ -0,0 +1,12 @@
+{
+ "40:18:b1:24:72:c0": 1,
+ "40:18:b1:23:7a:c0": 2,
+ "40:18:b1:23:7b:40": 3,
+ "f0:9c:e9:aa:39:c0": 8,
+ "40:18:b1:23:6d:00": 9,
+ "40:18:b1:05:8e:40": 11,
+ "c4:12:f5:a7:d2:00": 4,
+ "c4:12:f5:a6:63:70": 5,
+ "9c:d6:43:2d:b8:e0": 6,
+ "9c:d6:43:27:5f:70": 7
+}
diff --git a/etc/wifi-provisioning/templates/AP121_TEMPLATE b/etc/wifi-provisioning/templates/AP121_TEMPLATE
new file mode 100644
index 0000000..8ec9662
--- /dev/null
+++ b/etc/wifi-provisioning/templates/AP121_TEMPLATE
@@ -0,0 +1,21 @@
+#!/bin/ash
+
+uci set network.mngmnt.proto='static'
+uci set network.mngmnt.ipaddr='{{ip_addr}}'
+uci set network.mngmnt.netmask='255.255.255.0'
+uci set network.mngmnt.gateway='10.20.0.1'
+uci set system.@system[0].hostname='{{name}}' #validate A..Z a..z 0..9 _
+uci set wireless.radio0.disabled='0'
+uci set wireless.radio1.disabled='0'
+uci set wireless.radio0.channel='{{wifi_channel_24}}' #validate {1..13}
+uci set wireless.radio1.channel='{{wifi_channel_5}}' #validate {36..64}{100..140}{149..165} през 4
+uci set wireless.radio0.txpower='{{power_24}}'
+uci set wireless.radio1.txpower='{{power_5}}'
+
+uci commit
+
+/etc/init.d/system restart
+/etc/init.d/network restart
+/etc/init.d/wpad restart
+/sbin/wifi reload
+/sbin/wifi up
diff --git a/etc/wifi-provisioning/templates/DAP_TEMPLATE b/etc/wifi-provisioning/templates/DAP_TEMPLATE
new file mode 100644
index 0000000..03c6919
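Review bot: The `{{name}}`, `{{ip_addr}}`, channel and power placeholders are pasted inside single quotes in an `ash` script that is run on the access point, and the only validation is the `#validate` comments, which nothing in this commit enforces. A value in `config.json` that contains a `'` would close the quoting and the remainder would be interpreted by the shell, presumably with root rights on the AP. The renderer is not part of this commit view, so this may already be handled there; if not, it should reject anything outside the stated sets before substitution (hostname `[A-Za-z0-9_]`, 2.4 GHz channel 1–13, the listed 5 GHz channels, a dotted-quad address, a numeric txpower). `DAP_TEMPLATE` uses the same placeholders and needs the same check. The Cyrillic `през 4` in the 5 GHz channel comment would read better as `in steps of 4`.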
--- /dev/null
+++ b/etc/wifi-provisioning/templates/DAP_TEMPLATE
@@ -0,0 +1,22 @@
+#!/bin/ash
+
+uci set network.lan.proto='static'
+uci set network.lan.ipaddr='{{ip_addr}}'
+uci set network.lan.netmask='255.255.255.0'
+uci set network.lan.gateway='10.20.0.1'
+uci set system.@system[0].hostname='{{name}}' #validate A..Z a..z 0..9 _
+uci set wireless.radio0.disabled='0'
+uci set wireless.radio1.disabled='0'
+uci set wireless.radio0.channel='{{wifi_channel_5}}' #validate {36..64}{100..140}{149..165} през 4
+uci set wireless.radio1.channel='{{wifi_channel_24}}' #validate {1..13}
+uci set wireless.radio0.txpower='{{power_5}}'
+uci set wireless.radio1.txpower='{{power_24}}'
+
+uci commit
+
+/etc/init.d/system restart
+/etc/init.d/network restart
+/etc/init.d/wpad restart
+/sbin/wifi reload
+/sbin/wifi up
+
diff --git a/monitoring/chek_mk.config.tar.gz b/monitoring/chek_mk.config.tar.gz
new file mode 100644
index 0000000..f60c004
Binary files /dev/null and b/monitoring/chek_mk.config.tar.gz differ
diff --git a/switch-configs/barrier.md b/switch-configs/barrier.md
new file mode 100644
index 0000000..f5b3275
--- /dev/null
+++ b/switch-configs/barrier.md
@@ -0,0 +1,143 @@
+!TL-SG3210
+#
+vlan 20,207,666,999
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 207
+name "ipact"
+#
+vlan 666
+name "uplink/ipacct"
+#
+#
+#
+#
+hostname "barrier"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+#
+enable secret @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+user name admin privilege admin secret 0 @_pass_@
+user name root privilege admin secret 0 @_pass_@
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+interface gigabitEthernet 1/0/1
+ switchport access vlan 20
+#
+interface gigabitEthernet 1/0/2
+ switchport access vlan 207
+#
+interface gigabitEthernet 1/0/3
+#
+interface gigabitEthernet 1/0/4
+#
+interface gigabitEthernet 1/0/5
+#
+interface gigabitEthernet 1/0/6
+#
+interface gigabitEthernet 1/0/7
+#
+interface gigabitEthernet 1/0/8
+#
+interface gigabitEthernet 1/0/9
+ switchport mode trunk
+ switchport trunk allowed vlan 20,207,666,999
+ description "downlink/gkc"
+ speed 1000
+ duplex full
+#
+interface gigabitEthernet 1/0/10
+ switchport mode trunk
+ switchport trunk allowed vlan 20,207,666,999
+ description "uplink/ipacct"
+ speed 1000
+ duplex full
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.16 255.255.255.0 10.20.0.1
+#
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end
diff --git a/switch-configs/core-sw.md b/switch-configs/core-sw.md
new file mode 100644
index 0000000..8d265fb
--- /dev/null
+++ b/switch-configs/core-sw.md
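Review bot: A single `@_pass_@` placeholder feeds `enable secret`, both admin-privileged accounts (`admin` and `root`) and the line password on all sixteen `line vty` entries, so one disclosed value gives full control of the switch by every login path. Separate placeholders (for example `@_enable_pass_@`, `@_admin_pass_@` and `@_vty_pass_@`, names made up for this note) would let the rendered config carry distinct secrets, and the second admin account `root` can be dropped if nobody needs it. `secret 0` suggests the value is supplied in clear text, so the rendered file holds live credentials and should be kept out of the repository. The SNMP community is read-only but still a clear-text v1/v2c string; limiting which hosts may query it is worth doing if the firmware supports it.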
@@ -0,0 +1,435 @@ +! +version 12.2 +no service pad +service timestamps debug uptime +service timestamps log datetime msec +no service password-encryption +service sequence-numbers +service unsupported-transceiver +! +hostname core-sw +! +boot-start-marker +boot-end-marker +! +enable password @_pass_@ +! +! +! +no aaa new-model +switch 1 provision ws-c3750e-48pd +system mtu routing 1500 +ip routing +! +! +ip name-server 10.20.0.2 +ip name-server 10.20.0.1 +vtp mode off +! +! +spanning-tree mode rapid-pvst +spanning-tree extend system-id +no spanning-tree vlan 999 +spanning-tree vlan 1,10,20-27 priority 0 +! +! +vlan internal allocation policy ascending +! +vlan 10 + name of-ext +! +vlan 20 + name of-mgmt +! +vlan 21 + name of-wired +! +vlan 22 + name of-wifi +! +vlan 23 + name of-video +! +vlan 24 + name of-overflow +! +vlan 25 + name of-reception +! +vlan 26 + name of-phone +! +vlan 27 + name of-workshop +! +vlan 207 + name ipacct207 +! +vlan 999 + name ipacct +! +lldp run +! +! +! +interface FastEthernet0 + no ip address + no ip route-cache cef + no ip route-cache + no ip mroute-cache +! +interface GigabitEthernet1/0/1 + description Debug + switchport access vlan 20 + switchport mode access + switchport nonegotiate + spanning-tree portfast + spanning-tree bpdufilter enable + spanning-tree bpduguard enable +! +interface GigabitEthernet1/0/2 + description Debug + switchport access vlan 20 + switchport mode access + switchport nonegotiate + spanning-tree portfast + spanning-tree bpdufilter enable + spanning-tree bpduguard enable +! +interface GigabitEthernet1/0/3 +! +interface GigabitEthernet1/0/4 + switchport access vlan 21 + switchport mode access + switchport nonegotiate + spanning-tree bpdufilter enable + spanning-tree bpduguard enable +! +interface GigabitEthernet1/0/5 + switchport access vlan 21 + switchport mode access + switchport nonegotiate + spanning-tree bpdufilter enable + spanning-tree bpduguard enable +! +interface GigabitEthernet1/0/6 +! 
+interface GigabitEthernet1/0/7 + switchport access vlan 24 + switchport mode access +! +interface GigabitEthernet1/0/8 +! +interface GigabitEthernet1/0/9 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/10 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/11 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/12 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/13 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/14 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/15 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/16 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/17 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! 
+interface GigabitEthernet1/0/18 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/19 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/20 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/21 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/22 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/23 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/24 + description switch + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/25 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/26 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/27 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! 
+interface GigabitEthernet1/0/28 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/29 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/30 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/31 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/32 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/33 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/34 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/35 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/36 + description AP + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/37 +! +interface GigabitEthernet1/0/38 +! +interface GigabitEthernet1/0/39 +! +interface GigabitEthernet1/0/40 +! +interface GigabitEthernet1/0/41 +! +interface GigabitEthernet1/0/42 +! 
+interface GigabitEthernet1/0/43 + switchport access vlan 10 + switchport mode access + switchport nonegotiate + spanning-tree portfast + spanning-tree bpdufilter enable + spanning-tree bpduguard enable +! +interface GigabitEthernet1/0/44 + switchport access vlan 10 + switchport mode access + switchport nonegotiate + spanning-tree portfast + spanning-tree bpdufilter enable + spanning-tree bpduguard enable +! +interface GigabitEthernet1/0/45 + description server mirror + switchport access vlan 22 + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-27,999 + switchport mode access + switchport nonegotiate + spanning-tree portfast trunk +! +interface GigabitEthernet1/0/46 + description server + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-27,999 + switchport mode trunk + spanning-tree portfast trunk +! +interface GigabitEthernet1/0/47 + description server-IPMI + switchport access vlan 10 + switchport mode access + switchport nonegotiate + spanning-tree portfast trunk +! +interface GigabitEthernet1/0/48 + description server + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 10,20-28,207,999 + switchport mode trunk + spanning-tree portfast trunk +! +interface GigabitEthernet1/0/49 +! +interface GigabitEthernet1/0/50 +! +interface GigabitEthernet1/0/51 + description floor0-sw + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 20-28,207,999 + switchport mode trunk + switchport nonegotiate +! +interface GigabitEthernet1/0/52 + description uplink-gkc + switchport trunk encapsulation dot1q + switchport trunk allowed vlan 20-28,207,999 + switchport mode trunk + no cdp enable + no lldp transmit + spanning-tree portfast trunk + spanning-tree bpdufilter enable + spanning-tree bpduguard enable +! +interface TenGigabitEthernet1/0/1 + description server + switchport trunk encapsulation dot1q + switchport mode trunk + spanning-tree portfast trunk +! +interface TenGigabitEthernet1/0/2 +! 
+interface Vlan1 + no ip address +! +interface Vlan20 + ip address 10.20.0.11 255.255.255.0 +! +ip default-gateway 10.20.0.1 +ip classless +! +no ip http server +no ip http secure-server +! +logging history informational +logging 10.20.0.1 +! +snmp-server community @_community_@ RO +snmp-server enable traps license +! +! +line con 0 +line vty 0 4 + password @_pass_@ + login +line vty 5 15 + password @_pass_@ + login +! +end + diff --git a/switch-configs/floor0.md b/switch-configs/floor0.md new file mode 100644 index 0000000..d049174 --- /dev/null +++ b/switch-configs/floor0.md 
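Review bot: `enable password @_pass_@` together with `no service password-encryption` keeps the privileged password in clear text in the running and saved configuration; `enable secret @_pass_@` stores a hash instead. The two `line vty` blocks rely on a shared line password with `login` and set neither `transport input` nor an `access-class`, so whatever remote access the image offers by default (Telnet on a non-crypto image) is reachable from anything that can route to 10.20.0.11; `transport input ssh` plus an `access-class` limited to the management subnet would narrow that, assuming the image supports SSH. On the access ports that carry both `spanning-tree bpdufilter enable` and `spanning-tree bpduguard enable`, the filter discards BPDUs before the guard can react, so the guard line has no effect; keeping only `bpduguard` on edge ports is the usual choice. `TenGigabitEthernet1/0/1` is a trunk without a `switchport trunk allowed vlan` list, unlike the other trunks in the file, and the AP-facing trunks allow the uplink VLAN 999 and VLAN 10, which looks wider than an access point needs.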
@@ -0,0 +1,145 @@
+!TL-SG2210MP
+#
+vlan 20
+ name "managment"
+#
+vlan 21
+ name "wired"
+#
+vlan 22
+ name "wireless"
+#
+vlan 23
+ name "video"
+#
+vlan 24
+ name "overflow"
+#
+vlan 25
+ name "reception"
+#
+vlan 26
+ name "voice"
+#
+vlan 27
+ name "other"
+#
+vlan 28
+ name "wired2"
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+#
+hostname "sw-floor0"
+#
+#
+system-time ntp UTC+08:00 133.100.9.2 139.78.100.163 12 199.165.76.11 140.142.16.34 128.138.140.44
+no system-time dst
+#
+#
+#
+user name admin privilege admin password 0 @_pass_@
+enable password 0 @_pass_@
+no service reset-disable
+#
+#
+#
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+#
+#
+#
+power inline consumption 150.0
+#
+#
+
+#
+#
+loopback-detection
+#
+#
+#
+#
+#
+#
+#
+no controller cloud-based
+no controller cloud-based privacy-policy
+interface vlan 1
+ ip address-alloc dhcp
+ no ipv6 enable
+#
+interface vlan 20
+ ip address 10.20.0.15 255.255.255.0
+ no ipv6 enable
+#
+interface gigabitEthernet 1/0/1
+ switchport general allowed vlan 20,22,28 tagged
+
+#
+interface gigabitEthernet 1/0/2
+ switchport general allowed vlan 20,22,28 tagged
+
+#
+interface gigabitEthernet 1/0/3
+ switchport general allowed vlan 26 untagged
+ no switchport general allowed vlan 1
+
+#
+interface gigabitEthernet 1/0/4
+ switchport general allowed vlan 1,20,27 tagged
+ switchport pvid 20
+
+#
+interface gigabitEthernet 1/0/5
+ switchport general allowed vlan 1,24 tagged
+
+#
+interface gigabitEthernet 1/0/6
+ switchport general allowed vlan 1,20,22,28 tagged
+
+#
+interface gigabitEthernet 1/0/7
+ switchport general allowed vlan 1,20,22,28 tagged
+
+#
+interface gigabitEthernet 1/0/8
+ switchport general allowed vlan 20-28 tagged
+ switchport pvid 20
+
+ power inline supply disable
+#
+interface gigabitEthernet 1/0/9
+ switchport general allowed vlan 20-28 tagged
+
+#
+interface gigabitEthernet 1/0/10
+ switchport general allowed vlan 20-28 tagged
+
+#
+end
+
diff --git a/switch-configs/gkc.md b/switch-configs/gkc.md
new file mode 100644
index 0000000..c5bec5d
--- /dev/null
+++ b/switch-configs/gkc.md
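Review bot: `user name admin privilege admin password 0 @_pass_@` and `enable password 0 @_pass_@` keep the admin and enable credentials in the `password` form, which as far as I know this CLI stores recoverably, while gkc.md, voc-a.md and voc-b.md in the same commit use `secret`. I would write them the way gkc.md does, `user name admin privilege admin secret 0 @_pass_@` and `enable secret @_pass_@`. The same applies to `enable password @_pass_@` in rec-ja.md, team.md and voc-z.md; team.md also sets `no service password-encryption`. Separately, `interface vlan 1` takes an address by DHCP while ports 1/0/4 to 1/0/7 still carry VLAN 1, so the switch may answer for management outside VLAN 20, which is worth confirming as intended.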
@@ -0,0 +1,172 @@
+!TL-SG3210
+#
+vlan 20-28,207,666
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 21
+name "of-wired"
+#
+vlan 22
+name "of-wifi"
+#
+vlan 23
+name "of-video"
+#
+vlan 24
+name "of-overflow"
+#
+vlan 25
+name "of-reception"
+#
+vlan 26
+name "of-phone"
+#
+vlan 27
+name "of-workshop"
+#
+vlan 28
+name "wireless2"
+#
+vlan 207
+name "ipact"
+#
+vlan 666
+name "uplink/ipacct"
+#
+#
+#
+#
+hostname "gkc"
+contact-info ""
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+logging host index 1 10.20.0.1 6
+#
+enable secret @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+user name admin privilege admin secret 0 @_pass_@
+user name root privilege admin secret 0 @_pass_@
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+interface gigabitEthernet 1/0/1
+ switchport access vlan 20
+#
+interface gigabitEthernet 1/0/2
+#
+interface gigabitEthernet 1/0/3
+#
+interface gigabitEthernet 1/0/4
+#
+interface gigabitEthernet 1/0/5
+#
+interface gigabitEthernet 1/0/6
+#
+interface gigabitEthernet 1/0/7
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/8
+ switchport mode trunk
+ switchport trunk allowed vlan 20-28
+ description "downlink/voc-z"
+#
+interface gigabitEthernet 1/0/9
+ switchport mode trunk
+ switchport trunk allowed vlan 20-28,207,666
+ description "downlink/coresw"
+ speed 1000
+ duplex full
+#
+interface gigabitEthernet 1/0/10
+ switchport mode trunk
+ switchport trunk allowed vlan 20-28,207,666
+ description "uplink/barrier"
+ speed 1000
+ duplex full
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.24 255.255.255.0 10.20.0.1
+#
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end
diff --git a/switch-configs/noc.md b/switch-configs/noc.md
new file mode 100644
index 0000000..2257240
--- /dev/null
+++ b/switch-configs/noc.md
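Review bot: Port 1/0/10 (`description "uplink/barrier"`) trunks `20-28,207,666`, so the management VLAN 20, on which this switch answers at 10.20.0.24 with SNMP and sixteen password-login vty lines, is carried on the uplink together with every office VLAN. If the far end of that link is outside the trusted network (the page does not say), I would cut the list down to the VLANs the uplink actually needs, presumably something like `switchport trunk allowed vlan 207,666`. Also, port 1/0/9 `downlink/coresw` allows VLAN 666 while the core switch's `uplink-gkc` port in the same commit allows `20-28,207,999`, so one of the two lists looks stale.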
@@ -0,0 +1,166 @@
+!
+version 12.2
+no service pad
+service timestamps debug uptime
+service timestamps log uptime
+no service password-encryption
+!
+hostname noc-sw
+!
+enable secret @_pass_@
+!
+no aaa new-model
+ip subnet-zero
+!
+!
+!
+!
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+vlan internal allocation policy ascending
+!
+!
+!
+!
+!
+!
+interface FastEthernet0/1
+ switchport access vlan 22
+ switchport mode access
+!
+interface FastEthernet0/2
+ switchport access vlan 22
+ switchport mode access
+!
+interface FastEthernet0/3
+ switchport access vlan 23
+ switchport mode access
+!
+interface FastEthernet0/4
+ switchport access vlan 23
+ switchport mode access
+!
+interface FastEthernet0/5
+ switchport access vlan 24
+ switchport mode access
+!
+interface FastEthernet0/6
+ switchport access vlan 24
+ switchport mode access
+!
+interface FastEthernet0/7
+ switchport access vlan 25
+ switchport mode access
+!
+interface FastEthernet0/8
+ switchport access vlan 25
+ switchport mode access
+!
+interface FastEthernet0/9
+ switchport access vlan 26
+ switchport mode access
+!
+interface FastEthernet0/10
+ switchport access vlan 26
+ switchport mode access
+!
+interface FastEthernet0/11
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/12
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/13
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/14
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/15
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/16
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/17
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/18
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/19
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/20
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/21
+ switchport access vlan 20
+ switchport mode access
+!
+interface FastEthernet0/22
+ switchport access vlan 20
+ switchport mode access
+!
+interface FastEthernet0/23
+ description "noc ap"
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 20,22
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface FastEthernet0/24
+ description "uplink fl0"
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 20-27
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet0/1
+ switchport mode dynamic desirable
+!
+interface GigabitEthernet0/2
+ switchport mode dynamic desirable
+!
+interface Vlan1
+ no ip address
+ shutdown
+!
+interface Vlan20
+ ip address 10.20.0.28 255.255.255.0
+!
+ip default-gateway 10.20.0.1
+ip classless
+no ip http server
+no ip http secure-server
+!
+!
+logging 10.20.0.1
+snmp-server community @_community_@ RO
+!
+control-plane
+!
+!
+line con 0
+line vty 0 4
+ password @_pass_@
+ login
+line vty 5 15
+ password @_pass_@
+ login
+!
+end
+
diff --git a/switch-configs/rec-ja.md b/switch-configs/rec-ja.md
new file mode 100644
index 0000000..e25dec2
--- /dev/null
+++ b/switch-configs/rec-ja.md
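Review bot: `GigabitEthernet0/1` and `GigabitEthernet0/2` are left at `switchport mode dynamic desirable`, so DTP will negotiate a trunk with whatever is plugged in, and with no allowed-VLAN list that trunk carries every VLAN on the switch; the same two stanzas are in workshop.md. If these ports are unused I would pin them like the others, with `switchport mode access`, `switchport nonegotiate` and `shutdown`. The vty lines here (and in team.md and workshop.md) use a shared line password with plain `login` and no `transport input ssh` or `access-class`, so Telnet from any reachable address is presumably accepted. Restricting both, and giving `snmp-server community @_community_@ RO` an ACL argument, would confine management to the 10.20.0.0/24 subnet that `interface Vlan20` sits in.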
@@ -0,0 +1,176 @@
+!TL-SG3210
+#
+vlan 20-27
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 21
+name "of-wired"
+#
+vlan 22
+name "of-wifi"
+#
+vlan 23
+name "of-video"
+#
+vlan 24
+name "of-overflow"
+#
+vlan 25
+name "of-reception"
+#
+vlan 26
+name "of-phone"
+#
+vlan 27
+name "of-workshop"
+#
+#
+#
+#
+hostname "reception-JA"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+logging host index 1 10.20.0.1 6
+#
+enable password @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community @_community_@ read-only viewDefault
+#
+#
+interface gigabitEthernet 1/0/1
+ switchport access vlan 26
+
+
+#
+interface gigabitEthernet 1/0/2
+ switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/3
+ switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/4
+ switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/5
+ switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/6
+ switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/7
+ switchport access vlan 25
+
+
+#
+interface gigabitEthernet 1/0/8
+ switchport mode trunk
+ switchport trunk allowed vlan 20-27
+ description "uplink/coresw"
+
+
+#
+interface gigabitEthernet 1/0/9
+ speed 1000
+
+#
+interface gigabitEthernet 1/0/10
+ speed 1000
+
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.25 255.255.255.0 10.20.0.1
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end
+
diff --git a/switch-configs/team.md b/switch-configs/team.md
new file mode 100644
index 0000000..f9124a3
--- /dev/null
+++ b/switch-configs/team.md
@@ -0,0 +1,167 @@
+!
+version 15.0
+no service pad
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+service unsupported-transceiver
+!
+hostname team-sw
+!
+boot-start-marker
+boot-end-marker
+!
+enable password @_pass_@
+!
+no aaa new-model
+system mtu routing 1500
+!
+!
+ip name-server 10.20.0.1
+cluster enable of 0
+!
+!
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+vlan internal allocation policy ascending
+!
+!
+!
+!
+!
+interface FastEthernet0/1
+ switchport access vlan 26
+ switchport mode access
+!
+interface FastEthernet0/2
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/3
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/4
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/5
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/6
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/7
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/8
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/9
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/10
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/11
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/12
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/13
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/14
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/15
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/16
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/17
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/18
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/19
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/20
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/21
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/22
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/23
+ switchport access vlan 21
+ switchport mode access
+!
+interface FastEthernet0/24
+ switchport access vlan 21
+ switchport mode access
+!
+interface GigabitEthernet0/1
+ switchport trunk allowed vlan 20-27
+ switchport mode trunk
+ switchport nonegotiate
+ shutdown
+!
+interface GigabitEthernet0/2
+ switchport trunk allowed vlan 20-27
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface Vlan1
+ no ip address
+ no ip route-cache
+ shutdown
+!
+interface Vlan20
+ ip address 10.20.0.26 255.255.255.0
+ no ip route-cache
+!
+ip default-gateway 10.20.0.1
+no ip http server
+no ip http secure-server
+logging host 10.20.0.1 session-id hostname
+snmp-server community @_community_@ RO
+!
+!
+line con 0
+line vty 0 4
+ password @_pass_@
+ login
+line vty 5 15
+ password @_pass_@
+ login
+!
+end
+
diff --git a/switch-configs/voc-a.md b/switch-configs/voc-a.md
new file mode 100644
index 0000000..ef66132
--- /dev/null
+++ b/switch-configs/voc-a.md
@@ -0,0 +1,161 @@
+!TL-SG3210
+#
+vlan 20-27
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 21
+name "of-wired"
+#
+vlan 22
+name "of-wifi"
+#
+vlan 23
+name "of-video"
+#
+vlan 24
+name "of-overflow"
+#
+vlan 25
+name "of-reception"
+#
+vlan 26
+name "of-phone"
+#
+vlan 27
+name "of-workshop"
+#
+#
+#
+#
+hostname "vocsw-A"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+logging host index 1 10.20.0.1 6
+#
+enable secret @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+user name admin privilege admin secret @_pass_@
+user name root privilege admin secret @_pass_@
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+interface gigabitEthernet 1/0/1
+ switchport access vlan 26
+#
+interface gigabitEthernet 1/0/2
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/3
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/4
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/5
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/6
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/7
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/8
+ switchport mode trunk
+ switchport trunk allowed vlan 20-27
+ description "uplink/coresw"
+#
+interface gigabitEthernet 1/0/9
+ speed 1000
+ duplex full
+#
+interface gigabitEthernet 1/0/10
+ speed 1000
+ duplex full
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.21 255.255.255.0 10.20.0.1
+#
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end
diff --git a/switch-configs/voc-b.md b/switch-configs/voc-b.md
new file mode 100644
index 0000000..fd1245d
--- /dev/null
+++ b/switch-configs/voc-b.md
@@ -0,0 +1,163 @@
+!TL-SG3210
+#
+vlan 20-27
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 21
+name "of-wired"
+#
+vlan 22
+name "of-wifi"
+#
+vlan 23
+name "of-video"
+#
+vlan 24
+name "of-overflow"
+#
+vlan 25
+name "of-reception"
+#
+vlan 26
+name "of-phone"
+#
+vlan 27
+name "of-workshop"
+#
+#
+#
+#
+hostname "vocsw-B"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+logging host index 1 10.20.0.1 6
+#
+enable secret @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+user name admin privilege admin secret 0 @_pass_@
+user name root privilege admin secret 0 @_pass_@
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+interface gigabitEthernet 1/0/1
+ switchport access vlan 26
+#
+interface gigabitEthernet 1/0/2
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/3
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/4
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/5
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/6
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/7
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/8
+ switchport mode trunk
+ switchport trunk allowed vlan 20-27
+ description "uplink/coresw"
+#
+interface gigabitEthernet 1/0/9
+ speed 1000
+ duplex full
+#
+interface gigabitEthernet 1/0/10
+ speed 1000
+ duplex full
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.22 255.255.255.0 10.20.0.1
+#
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end
+
+
diff --git a/switch-configs/voc-z.md b/switch-configs/voc-z.md
new file mode 100644
index 0000000..6ae7895
--- /dev/null
+++ b/switch-configs/voc-z.md
@@ -0,0 +1,162 @@
+!TL-SG3210
+#
+vlan 20-27
+#
+vlan 20
+name "of-mgmt"
+#
+vlan 21
+name "of-wired"
+#
+vlan 22
+name "of-wifi"
+#
+vlan 23
+name "of-video"
+#
+vlan 24
+name "of-overflow"
+#
+vlan 25
+name "of-reception"
+#
+vlan 26
+name "of-phone"
+#
+vlan 27
+name "of-workshop"
+#
+#
+#
+#
+hostname "vocsw-Z"
+#
+mac address-table aging-time 300
+#
+logging buffer 6
+no logging file flash
+logging host index 1 10.20.0.1 6
+#
+enable password @_pass_@
+#
+system-time ntp UTC+02:00 10.20.0.1 10.20.0.1 4
+#
+spanning-tree mode rstp
+#
+#
+user name root privilege admin secret @_pass_@
+#
+#
+#
+#
+#
+#
+snmp-server
+snmp-server community "@_community_@" read-only "viewDefault"
+#
+interface gigabitEthernet 1/0/1
+ switchport access vlan 26
+#
+interface gigabitEthernet 1/0/2
+ switchport access vlan 26
+#
+interface gigabitEthernet 1/0/3
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/4
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/5
+ switchport access vlan 23
+#
+interface gigabitEthernet 1/0/6
+ switchport mode trunk
+ switchport trunk allowed vlan 20,22
+ description "mgmt/radio"
+#
+interface gigabitEthernet 1/0/7
+ switchport access vlan 21
+#
+interface gigabitEthernet 1/0/8
+ switchport mode trunk
+ switchport trunk allowed vlan 20-27
+ description "uplink/gkc"
+#
+interface gigabitEthernet 1/0/9
+ speed 1000
+ duplex full
+#
+interface gigabitEthernet 1/0/10
+ speed 1000
+ duplex full
+#
+ip management-vlan 20
+interface vlan 20
+ip address 10.20.0.23 255.255.255.0 10.20.0.1
+#
+#
+line vty 0 0
+password @_pass_@
+login
+#
+line vty 1 1
+password @_pass_@
+login
+#
+line vty 2 2
+password @_pass_@
+login
+#
+line vty 3 3
+password @_pass_@
+login
+#
+line vty 4 4
+password @_pass_@
+login
+#
+line vty 5 5
+password @_pass_@
+login
+#
+line vty 6 6
+password @_pass_@
+login
+#
+line vty 7 7
+password @_pass_@
+login
+#
+line vty 8 8
+password @_pass_@
+login
+#
+line vty 9 9
+password @_pass_@
+login
+#
+line vty 10 10
+password @_pass_@
+login
+#
+line vty 11 11
+password @_pass_@
+login
+#
+line vty 12 12
+password @_pass_@
+login
+#
+line vty 13 13
+password @_pass_@
+login
+#
+line vty 14 14
+password @_pass_@
+login
+#
+line vty 15 15
+password @_pass_@
+login
+#
+end
diff --git a/switch-configs/workshop.md b/switch-configs/workshop.md
new file mode 100644
index 0000000..1b331e7
--- /dev/null
+++ b/switch-configs/workshop.md
@@ -0,0 +1,170 @@
+!
+version 12.2
+no service pad
+service timestamps debug uptime
+service timestamps log uptime
+no service password-encryption
+!
+hostname workshop-sw
+!
+enable secret @_pass_@
+enable password @_pass_@
+!
+no aaa new-model
+ip subnet-zero
+!
+!
+!
+!
+!
+!
+spanning-tree mode pvst
+spanning-tree extend system-id
+!
+vlan internal allocation policy ascending
+!
+!
+!
+!
+!
+!
+interface FastEthernet0/1
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/2
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/3
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/4
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/5
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/6
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/7
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/8
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/9
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/10
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/11
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/12
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/13
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/14
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/15
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/16
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/17
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/18
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/19
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/20
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/21
+ switchport access vlan 27
+ switchport mode access
+!
+interface FastEthernet0/22
+ switchport access vlan 24
+ switchport mode access
+!
+interface FastEthernet0/23
+ description "uplink"
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 20-27
+ switchport mode trunk
+ switchport nonegotiate
+ shutdown
+!
+interface FastEthernet0/24
+ description "uplink fl0"
+ switchport trunk encapsulation dot1q
+ switchport trunk allowed vlan 20-27
+ switchport mode trunk
+ switchport nonegotiate
+!
+interface GigabitEthernet0/1
+ switchport mode dynamic desirable
+!
+interface GigabitEthernet0/2
+ switchport mode dynamic desirable
+!
+interface Vlan1
+ no ip address
+ shutdown
+!
+interface Vlan20
+ ip address 10.20.0.27 255.255.255.0
+!
+ip default-gateway 10.20.0.1
+ip classless
+no ip http server
+no ip http secure-server
+!
+!
+logging 10.20.0.1
+snmp-server community @_community_@ RO
+!
+control-plane
+!
+!
+line con 0
+ password @_pass_@
+ login
+line vty 0 4
+ password @_pass_@
+ login
+line vty 5 15
+ password @_pass_@
+ login
+!
+end
+
diff --git a/wifi-provisioning-serverside/Config.php b/wifi-provisioning-serverside/Config.php
new file mode 100644
index 0000000..82d1d8e
--- /dev/null
+++ b/wifi-provisioning-serverside/Config.php
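Review bot: `enable password @_pass_@` sits directly under `enable secret @_pass_@` with the same placeholder, so the value the secret protects is also kept in the weaker `enable password` form in the same file, and `no service password-encryption` is set. IOS uses the secret whenever one is configured, so the second line adds nothing; I would remove it (`no enable password` on the device).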
@@ -0,0 +1,182 @@ +id = $id; + $this->setName($name); + $this->setIpAddr($ip_addr); + $this->setWifiChannel24($wifi_channel_24); + $this->setWifiChannel5($wifi_channel_5); + $this->setPower24($power_24); + $this->setPower5($power_5); + + } + + public function build($type): false|string + { + $template = $this->detectTemplate($type); + $template = str_replace('{{name}}', $this->name, $template); + $template = str_replace('{{ip_addr}}', $this->ip_addr, $template); + $template = str_replace('{{wifi_channel_24}}', $this->wifi_channel_24, $template); + $template = str_replace('{{wifi_channel_5}}', $this->wifi_channel_5, $template); + $template = str_replace('{{power_24}}', $this->power_24, $template); + $template = str_replace('{{power_5}}', $this->power_5, $template); + + + return $template; + + } + + /** + * Set the configuration name + * @param string $name + */ + public function detectTemplate($type): false|string + { + //detect the template based on the device type + if ($type == 'DAP') { + return file_get_contents('/etc/wifi-provisioning/templates/DAP_TEMPLATE'); + } + if ($type == 'AP121') { + return file_get_contents('/etc/wifi-provisioning/templates/AP121_TEMPLATE'); + } + + return false; + + } + + public function setName(string $name) + { + //null or regex [a-zA-Z0-9_-] + if (!is_null($name) && !preg_match('/^[a-zA-Z0-9_-]+$/', $name)) { + throw new \Exception('Invalid name'); + } + $this->name = $name; + } + + public function setIpAddr(string $ip_addr) + { + //null or single ip address + if (!is_null($ip_addr) && !filter_var($ip_addr, FILTER_VALIDATE_IP)) { + throw new \Exception('Invalid IP address'); + } + $this->ip_addr = $ip_addr; + } + + + + public function setWifiChannel24(int $wifi_channel_24) + { + $this->wifi_channel_24 = $wifi_channel_24; + } + + public function setWifiChannel5(int $wifi_channel_5) + { + //validate wifi channel ranges {52..64}{100..140} step 4 + if ($wifi_channel_5 < 52 || $wifi_channel_5 > 140 || ($wifi_channel_5 > 64 && 
$wifi_channel_5 < 100) || $wifi_channel_5 % 4 != 0) { + throw new \Exception('Invalid 5GHz wifi channel'); + } + $this->wifi_channel_5 = $wifi_channel_5; + } + + public function setPower24(int $power_24) + { + //validate power ranges {1..20} + if ($power_24 < 1 || $power_24 > 20) { + throw new \Exception('Invalid 2.4GHz power'); + } + $this->power_24 = $power_24; + } + + public function setPower5(int $power_5) + { + //validate power ranges {1..22} + if ($power_5 < 1 || $power_5 > 22) { + throw new \Exception('Invalid 5GHz power'); + } + $this->power_5 = $power_5; + } + + public function getId(): ?int + { + return $this->id; + } + + public function getName(): ?string + { + return $this->name; + } + + public function getIpAddr(): ?string + { + return $this->ip_addr; + } + + + public function getWifiChannel24(): ?int + { + return $this->wifi_channel_24; + } + + public function getWifiChannel5(): ?int + { + return $this->wifi_channel_5; + } + + public function getPower24(): ?int + { + return $this->power_24; + } + + public function getPower5(): ?int + { + return $this->power_5; + } + + public function load() + { + //load the configuration from the provision configurations file + $configs = file_get_contents(Provision::$CONFIG_FILE); + $configs = json_decode($configs, true); + if (isset($configs[$this->id])) { + $this->name = $configs[$this->id]['name']; + $this->ip_addr = $configs[$this->id]['ip_addr']; + $this->wifi_channel_24 = $configs[$this->id]['wifi_channel_24']; + $this->wifi_channel_5 = $configs[$this->id]['wifi_channel_5']; + } + } + + public function save(): bool + { + //save the configuration to the provision configurations file + if (!file_exists(Provision::$CONFIG_FILE)) { + file_put_contents(Provision::$CONFIG_FILE, json_encode([])); + } + + $configs = file_get_contents(Provision::$CONFIG_FILE); + $configs = json_decode($configs, true); + $configs[$this->id] = [ + 'name' => $this->name, + 'ip_addr' => $this->ip_addr, + 'wifi_channel_24' => 
$this->wifi_channel_24, + 'wifi_channel_5' => $this->wifi_channel_5 + ]; + if (!file_put_contents(Provision::$CONFIG_FILE, json_encode($configs))) { + return false; + } + return true; + } +} \ No newline at end of file diff --git a/wifi-provisioning-serverside/Device.php b/wifi-provisioning-serverside/Device.php new file mode 100644 index 0000000..b0ae1bd --- /dev/null +++ b/wifi-provisioning-serverside/Device.php 
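Review bot: `load()` copies `name`, `ip_addr` and the two channels from the JSON file straight into the properties, so values that `build()` later substitutes into the device template skip the checks in `setName()`, `setIpAddr()` and `setWifiChannel5()`; anyone able to write `Provision::$CONFIG_FILE` can put arbitrary text into a generated AP config. `save()` and `load()` also leave out `power_24` and `power_5`, so power settings are never written to the file and cannot be restored. I would route the loaded values through the setters and persist the power fields, as sketched below. `setWifiChannel24()` is the one setter without a range check and `build()` does not test for `detectTemplate()` returning `false`, both worth tightening in the same pass. The class header and constructor signature are not visible in this hunk as rendered.

```php
    public function load()
    {
        // … unchanged: read and json_decode Provision::$CONFIG_FILE …
        if (isset($configs[$this->id])) {
            $entry = $configs[$this->id];
            $this->setName($entry['name']);
            $this->setIpAddr($entry['ip_addr']);
            $this->setWifiChannel24($entry['wifi_channel_24']);
            $this->setWifiChannel5($entry['wifi_channel_5']);
            // entries written before this change have no power keys
            if (isset($entry['power_24'], $entry['power_5'])) {
                $this->setPower24($entry['power_24']);
                $this->setPower5($entry['power_5']);
            }
        }
    }

    // in save(), alongside the existing keys:
            'power_24' => $this->power_24,
            'power_5' => $this->power_5,
```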
@@ -0,0 +1,91 @@ +mac = $mac; + + if ($type && !in_array($type, self::$DEVICE_TYPES)) { + throw new \Exception('Invalid device type. Possible values are: ' . implode(', ', self::$DEVICE_TYPES)); + } + $this->type = $type ?? $this->getDeviceType(); + syslog(LOG_INFO, "New device created with MAC: $mac and type: $type"); + } + + /** + * Save the device to the provision devices file + * @return bool + */ + public function save(): bool + { + //save the device to the provision devices file + if (!file_exists(Provision::$DEVICES_FILE)) { + file_put_contents(Provision::$DEVICES_FILE, json_encode([])); + } + + $devices = file_get_contents(Provision::$DEVICES_FILE); + $devices = json_decode($devices, true); + $devices[$this->mac] = $this->type; + if (!file_put_contents(Provision::$DEVICES_FILE, json_encode($devices))) { + return false; + } + return true; + + } + + /** + * Check if the device exists in the provision devices file + * @return bool + */ + public function check(): bool + { + //check if the device exists in the provision devices file + $devices = file_get_contents(Provision::$DEVICES_FILE); + $devices = json_decode($devices, true); + + return isset($devices[$this->mac]); + } + + public function getDeviceType() + { + //get the device type from the provision devices file + $devices = file_get_contents(Provision::$DEVICES_FILE); + $devices = json_decode($devices, true); + if (isset($devices[$this->mac])) { + return $devices[$this->mac]; + } + return null; + } + + public function getMac(): ?string + { + return $this->mac; + } + + public function getType(): ?string + { + return $this->type; + } + + public function setMac($mac): void + { + $this->mac = $mac; + } + + public function setType($type): void + { + $this->type = $type; + } +} \ No newline at end of file diff --git a/wifi-provisioning-serverside/Location.php b/wifi-provisioning-serverside/Location.php new file mode 100644 index 0000000..a9facc8 --- /dev/null +++ b/wifi-provisioning-serverside/Location.php 
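Review bot: `setType()` and `setMac()` assign whatever they are given, so the `in_array($type, self::$DEVICE_TYPES)` check in the constructor can be bypassed after construction and `save()` will write the unchecked pair into `Provision::$DEVICES_FILE`. I would repeat the allow-list test in the setter, `if (!in_array($type, self::$DEVICE_TYPES, true)) { throw new \Exception('Invalid device type'); }`, and validate the MAC format in one place that both the constructor and `setMac()` use; the constructor's opening lines are not visible in this hunk as rendered, so it may already do so. The `syslog()` line also interpolates the raw `$type` argument rather than `$this->type`, so it logs an empty type for devices whose type was looked up from the file.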
@@ -0,0 +1,6 @@ +device = $mac ? new Device($mac) : null; + $this->config = null; + } + + public function provision(string $mac=NULL, int $location=null) + { + if ($mac) { + $this->device = new Device($mac); + } + if (!$this->device->check()) { + $this->log('Device with MAC: ' . $this->device->getMac() . ' does not exist'); + return FALSE; + } + if ($location) { + $this->config = new Config($location); + } + + try { + /** @var Config $configuration */ + $configuration = $this->getConfiguration(); + } catch (\Exception $e) { + $this->log('Failed to provision device with MAC: ' . $this->device->getMac() . ' - ' . $e->getMessage()); + return false; + } + if (!$configuration) { + $this->log('Failed to provision device with MAC: ' . $this->device->getMac()); + return false; + } + $this->log('Provisioned device with MAC: ' . $this->device->getMac()); + return $configuration->build($this->device->getType()); + } + + /** + * @throws Exception + */ + public function updateMapping(string $mac, int $locationID): bool + { + try{ + $device = new Device($mac); + } catch (\Exception $e) { + $this->log('Failed to update mapping for MAC: ' . $mac . ' - ' . $e->getMessage()); + return FALSE; + } + if (!$device->check()) { + $this->log('Device with MAC: ' . $mac . ' does not exist'); + return false; + } + $mappings = $this->getMappings(); + $mappings[$mac] = $locationID; + if (!file_put_contents(self::$MAPPING_FILE, json_encode($mappings))) { + $this->log('Failed to update mapping for MAC: ' . $mac . ' and Config ID: ' . $locationID); + return false; + } + $this->log('Updated mapping for MAC: ' . $mac . ' and Config ID: ' . 
$locationID); + return true; + } + + public function getMappings() + { + if (!file_exists(self::$MAPPING_FILE)) { + file_put_contents(self::$MAPPING_FILE, json_encode([])); + } + + $mappings = file_get_contents(self::$MAPPING_FILE); + return json_decode($mappings, true); + } + + public function getDevices() + { + if (!file_exists(self::$DEVICES_FILE)) { + file_put_contents(self::$DEVICES_FILE, json_encode([])); + } + + $devices = file_get_contents(self::$DEVICES_FILE); + return json_decode($devices, true); + } + + + /** + * Get the configuration for the device + * @return array + */ + public function getConfig(): array + { + if (!file_exists(self::$CONFIG_FILE)) { + file_put_contents(self::$CONFIG_FILE, json_encode([])); + } + + $config = file_get_contents(self::$CONFIG_FILE); + return json_decode($config, true); + } + + /** + * Add a device to the provision devices file + * @return bool + */ + public function addDevice(string $mac, string $type): bool + { + try{ + $device = new Device($mac, $type); + } catch (\Exception $e) { + $this->log('Failed to add device with MAC: ' . $mac . ' - ' . $e->getMessage()); + return FALSE; + } + if ($device->check()) { + $this->log('Device with MAC: ' . $device->getMac() . ' already exists'); + return FALSE; + } + if (!$device->save()) { + $this->log('Failed to add device with MAC: ' . $device->getMac()); + return FALSE; + } + $this->log('Device with MAC: ' . $device->getMac() . ' added successfully'); + return TRUE; + } + + public function addConfig(int $id, string $name, string $ip_addr, int $wifi_channel_24, int $wifi_channel_5, int $power_24, int $power_5): + bool + { + try{ + $config = new Config($id, $name, $ip_addr, $wifi_channel_24, $wifi_channel_5, $power_24, $power_5); + } catch (\Exception $e) { + $this->log('Failed to add configuration with ID: ' . $id . ' - ' . $e->getMessage()); + return FALSE; + } + + if (!$config->save()) { + $this->log('Failed to add configuration with ID: ' . 
$config->getId()); + return FALSE; + } + $this->log('Configuration with ID: ' . $config->getId() . ' added successfully'); + return TRUE; + } + + private function log(string $message) + { + file_put_contents(self::$LOG_FILE, $message . PHP_EOL, FILE_APPEND); + syslog(LOG_DEBUG, $message); + if (php_sapi_name() === 'cli') { + echo $message . PHP_EOL; + } + } + + private function getConfiguration(): ?Config + { + + //detect configuration based on mac and location + $mappings = $this->getMappings(); + $location = $mappings[$this->device->getMac()] ?? null; + if (!$location) { + $this->log('No mapping found for MAC: ' . $this->device->getMac()); + return null; + } + + $config = $this->getConfig(); + $configuration = $config[$location] ?? null; + if (!$configuration) { + $this->log('No configuration found for location ID: ' . $location); + return null; + } + + $this->log('Configuration found for MAC: ' . $this->device->getMac() . ' and location ID: ' . $location); + return new Config($location, $configuration['name'], $configuration['ip_addr'], $configuration['wifi_channel_24'], $configuration['wifi_channel_5'], $configuration['power_24'], $configuration['power_5']); + } +} \ No newline at end of file diff --git a/wifi-provisioning-serverside/README.md b/wifi-provisioning-serverside/README.md new file mode 100644 index 0000000..4005dd2 --- /dev/null +++ b/wifi-provisioning-serverside/README.md @@ -0,0 +1,5 @@ +PHP component of wifi provisionig. + +Written by Atanas(DevHex) + +Needs PHP capable web server. diff --git a/wifi-provisioning-serverside/c.php b/wifi-provisioning-serverside/c.php new file mode 100644 index 0000000..52d567a --- /dev/null +++ b/wifi-provisioning-serverside/c.php 
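Review bot: `provision()` calls `$this->device->check()` even when no MAC was passed to it or to the constructor; in that case `$this->device` is null and the call is a fatal error rather than a logged failure. A guard after the `if ($mac)` block, `if (!$this->device) { $this->log('No device MAC given'); return false; }`, keeps the failure on the normal return path. Separately, `updateMapping()` (and `Device::save()` in the previous file) read the JSON file, modify it and write it back with no locking, so two concurrent requests can drop each other's entry. Passing `LOCK_EX` as the third argument to `file_put_contents()` at least prevents interleaved writes, though a lock held across the read and the write would be needed to close the gap fully. The opening lines of this file are missing from the page.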
@@ -0,0 +1,22 @@ + 'MAC address is required']); + exit; +} +if (!isset($_POST['location'])) { + echo json_encode(['error' => 'Config ID is required']); + exit; +} + +try { + $provision = new Provision($_POST['mac']); + $provision->updateMapping($_POST['mac']??'', $_POST['location']??0); + echo json_encode(['success' => 'Device mapped successfully']); +} catch (Exception $e) { + echo json_encode(['error' => $e->getMessage()]); + exit; +} + diff --git a/wifi-provisioning-serverside/cli.php b/wifi-provisioning-serverside/cli.php new file mode 100755 index 0000000..e304f26 --- /dev/null +++ b/wifi-provisioning-serverside/cli.php 
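Review bot: The success response is sent whatever `updateMapping()` returns, so an unknown MAC or a failed write still answers 'Device mapped successfully'. The result should be checked: `if (!$provision->updateMapping($mac, $location)) { http_response_code(400); echo json_encode(['error' => 'Mapping failed']); exit; }`. `$_POST['location']` is also passed as a raw string into an `int` parameter, and a non-numeric value raises a `TypeError`, which `catch (Exception $e)` does not catch. Validating it first with `filter_var($_POST['location'], FILTER_VALIDATE_INT)` and rejecting `false` avoids that. No caller authentication is visible in the shown part of the script; its first lines are missing from the page, so confirm that this state-changing endpoint is not reachable unauthenticated.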
@@ -0,0 +1,105 @@ +#!/usr/bin/php + ")); + switch ($choice) { + case '': + break; + case 'conf': + $configs = $provision->getConfig(); + echo '===== Configurations ====='.PHP_EOL; + foreach ($configs as $location => $conf) { + echo sprintf("Config ID: %2d, IP: %10s, CH2.4: %2d (PWR: %2d), CH5: %3d (PWR: %2d), Name: %s", + $location, + $conf['ip_addr'], + $conf['wifi_channel_24'], + $conf['power_24'], + $conf['wifi_channel_5'], + $conf['power_5'], + $conf['name']).PHP_EOL; + } + break; + case 'dev': + $devices = $provision->getDevices(); + echo '===== Devices ====='.PHP_EOL; + foreach ($devices as $mac => $type) { + echo "MAC: $mac, Type: $type\n"; + } + break; + case 'add-dev': + $mac = readline("Enter the MAC address: "); + $type = readline("Enter the device type: "); + $provision->addDevice($mac, $type); + break; + + case 'add-conf': + $id = readline("Enter the configuration location (ID): "); + $name = readline("Enter the configuration name: "); + $ip_addr = readline("Enter the IP address: "); + $wifi_channel_24 = readline("Enter the 2.4GHz wifi channel: "); + $wifi_channel_5 = readline("Enter the 5GHz wifi channel: "); + $power_24 = readline("Enter the 2.4GHz power: "); + $power_5 = readline("Enter the 5GHz power: "); + + $provision->addConfig((int) $id, $name, $ip_addr, (int) $wifi_channel_24, (int) $wifi_channel_5, (int) $power_24, (int) $power_5); + break; + case 'set': + $mac = readline("Enter the MAC address: "); + $location = readline("Enter the location ID: "); + $provision->updateMapping($mac, (int) $location); + break; + case 'map': + $mappings = $provision->getMappings(); + echo '===== Mappings ====='.PHP_EOL; + foreach ($mappings as $mac => $location) { + echo "MAC: $mac, Location ID: $location\n"; + } + break; + case 'provision': + $mac = readline("Enter the MAC address: "); + $location = readline("Enter the location ID (empty for autodetect): "); + if (empty($location)) { + $location = null; + } + $conf = $provision->provision($mac, $location); + 
if (empty($conf)) { + echo 'Failed to provision the device'.PHP_EOL; + break; + } + echo 'Paste the following configuration to the device:'.PHP_EOL; + echo '>>>>>>>>>'. PHP_EOL.PHP_EOL; + echo $conf; + echo PHP_EOL.'<<<<<<<<'.PHP_EOL; + break; + case '?': + case 'help': + echo '===== Commands ====='.PHP_EOL; + echo 'conf - List all locations'.PHP_EOL; + echo 'dev - List all devices'.PHP_EOL; + echo 'map - List all device locations'.PHP_EOL; + echo 'add-dev - Add a device'.PHP_EOL; + echo 'add-conf - Add a configuration'.PHP_EOL; + echo 'provision - Provision a device'.PHP_EOL; + echo 'set - Update a device location'.PHP_EOL; + echo 'exit - Exit the program'.PHP_EOL; + echo 'help / ? - Show this help'.PHP_EOL; + break; + case 'exit': + exit; + default: + echo 'Invalid command'.PHP_EOL; + } +} diff --git a/wifi-provisioning-serverside/index.php b/wifi-provisioning-serverside/index.php new file mode 100644 index 0000000..067cf6b --- /dev/null +++ b/wifi-provisioning-serverside/index.php @@ -0,0 +1,2 @@ +mac ?? 'n/a')); +if (empty($data->mac)) { + + //return 404 + http_response_code(404); + echo json_encode(['error' => 'MAC address is required']); + exit; +} +try { + $provision = new Provision($data->mac); +} catch (Exception $e) { + http_response_code(500); + echo json_encode(['error' => $e->getMessage()]); + exit; +} +$configuration = $provision->provision(); + +if (empty($configuration)) { + http_response_code(404); + echo json_encode(['error' => 'No configuration found']); + exit; +} + +header('Content-Type: text/html'); +syslog(LOG_INFO, 'Provisioned device with MAC: ' . $data->mac); +syslog(LOG_INFO, 'Configuration: ' . $configuration); +echo $configuration;
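Review bot: In the `provision` case of cli.php, the location read with `readline()` is passed as a string to `provision(string $mac, int $location)`, so a non-numeric answer raises an uncaught `TypeError` and ends the interactive loop. The other cases cast with `(int)`; here something like `$location = ctype_digit($location) ? (int) $location : null;` would keep the "empty for autodetect" behaviour and reject anything else. An empty MAC at the same prompt is not checked either before it reaches `provision()`.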
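Review bot: `syslog(LOG_INFO, 'Configuration: ' . $configuration);` in the final request handler copies the whole generated configuration into the system log. If `Config::build()` (not shown) embeds Wi-Fi keys or other secrets, they become readable by anyone with log access, so logging only the MAC and location ID would be safer. The only thing the handler checks before returning a configuration is that the submitted MAC is registered and mapped. A MAC address is not a secret, so the endpoint should require a per-device credential or be reachable only from the provisioning network. `header('Content-Type: text/html')` is also a poor fit for a configuration payload; `text/plain` stops a browser treating it as markup. The file header and first lines of this handler are missing from the page.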