Src-secu-adm : Différence entre versions
| (15 révisions intermédiaires par 2 utilisateurs non affichées) | |||
| Ligne 16 : | Ligne 16 : | ||
{| class="wikitable sortable" border="1" cellpadding="4" style="background:LightCyan;font-family:Helvetica,arial;font-size:11px;width:60%;" | {| class="wikitable sortable" border="1" cellpadding="4" style="background:LightCyan;font-family:Helvetica,arial;font-size:11px;width:60%;" | ||
| − | ! Adresse !! Nom !! description | + | ! Adresse !! Nom !! modèle !! description |
|- style="background:Azure;" | |- style="background:Azure;" | ||
|- | |- | ||
| − | | 10.3.10. | + | | 10.3.10.20 || sw-secu-ECOTRON || EX2200-24P / EX2200-24T || CV0216360282 |
|- | |- | ||
| − | | 10.3.10.101 || sw-secu-BAT-A || CV0216360073 | + | | || || |
| + | |- | ||
| + | | 10.3.10.100 || sw-secu-RDM || EX2200-24P / EX2200-24T ||cœur coté RDM CV0215291179 / CW0214251166 | ||
| + | |- | ||
| + | | 10.3.10.101 || sw-secu-BAT-A || EX2200-24P || CV0216360073 | ||
| + | |- | ||
| + | | 10.3.10.102 || sw-secu-BAT-B || EX2200-24P || CV0216360113 | ||
| + | |- | ||
| + | | 10.3.10.103 || sw-secu-BAT-C || EX2200-24P || CV0216360116 | ||
| + | |- | ||
| + | | 10.3.10.104 || sw-secu-CEFE || EX2200-48P || CT0216390616 | ||
| + | |- | ||
| + | | 10.3.10.105 || sw-secu-SERRES || EX2200-24P || CV0216360006 | ||
| + | |- | ||
| + | | 10.3.10.106 || sw-secu-SIC || EX2200-48P || CT0216060557 | ||
| + | |- | ||
| + | | 10.3.10.107 || sw-secu-IGMM || EX2200-24P || CV0216360078 | ||
| + | |- | ||
| + | | 10.3.10.108 || sw-secu-SIC-CAB || EX2200-24P || | ||
|- | |- | ||
| − | | 10.3.10. | + | | 10.3.10.109 || sw-secu-BAT-B-1er || EX2200C-24P || |
|- | |- | ||
| − | | 10.3.10. | + | | 10.3.10.120 || sw-secu-balard-coeur || FS3900-24F4S || |
|- | |- | ||
| − | | 10.3.10. | + | | 10.3.10.121 || sw-secu-balard-4H || HPE 1820 J9983A || |
|- | |- | ||
| − | | 10.3.10. | + | | 10.3.10.122 || sw-secu-balard-4D || HPE 1820 J9983A || |
|- | |- | ||
| − | | 10.3.10. | + | | 10.3.10.123 || sw-secu-balard-3H || HPE 1820 J9983A || |
|- | |- | ||
| − | | 10.3.10. | + | | 10.3.10.124 || sw-secu-balard-3D || HPE 1820 J9983A || |
| + | |- | ||
| + | | 10.3.10.125 || sw-secu-balard-2H || HPE 1820 J9983A || | ||
| + | |- | ||
| + | | 10.3.10.126 || sw-secu-balard-2D || HPE 1820 J9983A || | ||
| + | |- | ||
| + | | 10.3.10.127 || sw-secu-balard-1H || HPE 1820 J9983A || | ||
| + | |- | ||
| + | | 10.3.10.128 || sw-secu-balard-1D || HPE 1820 J9983A || | ||
| + | |- | ||
| + | | 10.3.10.129 || sw-secu-balard-rdc || HPE 1820 J9983A || | ||
| + | |- | ||
| + | | 10.3.10.130 || sw-secu-balard-SSOLPAC || HPE 1820 J9983A || | ||
| + | |- | ||
| + | | 10.3.10.131 || sw-secu-balard-SSOLEP || HPE 1820 J9983A || | ||
|- | |- | ||
| || || | | || || | ||
|- | |- | ||
| − | | 10.3.10.200 || sw-secu-ADV || cœur coté ADV | + | | 10.3.10.200 || sw-secu-ADV|| EX2200-24P x2 || cœur coté ADV CV0216360482 / CV0216370172 |
| + | |- | ||
| + | | 10.3.10.201 || sw-secu-gardiens || EX2200-C-12P || GR0216460212 | ||
|- | |- | ||
| − | | 10.3.10. | + | | 10.3.10.202 || sw-secu-IGH || EX2200-48P || CT0216390512 |
|- | |- | ||
| − | | 10.3.10. | + | | 10.3.10.203 || sw-secu-IGF-S || EX2200-48P || CT0216390388 |
|- | |- | ||
| − | | 10.3.10. | + | | 10.3.10.204 || sw-secu-GENOPOLYS || EX2200-24P || CV0216360092 |
|} | |} | ||
| Ligne 51 : | Ligne 85 : | ||
mount_msdosfs /dev/da1s1 /mnt | mount_msdosfs /dev/da1s1 /mnt | ||
| − | cp /mnt/jinstall-ex-2200- | + | cp /mnt/jinstall-ex-2200-15.1R5.5-domestic-signed.tgz /var/tmp |
cli | cli | ||
| − | request system software add /var/tmp/jinstall-ex-2200- | + | request system software add /var/tmp/jinstall-ex-2200-15.1R5.5-domestic-signed.tgz reboot |
Attendre le reboot puis passer à la configuration | Attendre le reboot puis passer à la configuration | ||
| Ligne 231 : | Ligne 265 : | ||
request virtual-chassis vc-port set pic-slot 0 port 22 | request virtual-chassis vc-port set pic-slot 0 port 22 | ||
request virtual-chassis vc-port set pic-slot 0 port 23 | request virtual-chassis vc-port set pic-slot 0 port 23 | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | == commut FIBERSTORE FS3900-24F4S == | ||
| + | |||
| + | voir keypass | ||
| + | |||
| + | attention port série à 115200 baud | ||
| + | |||
| + | sauvegarde : | ||
| + | copy running-config startup-config | ||
| + | nom de fichier : startup-config | ||
| + | |||
| + | |||
| + | |||
| + | . | ||
Version actuelle datée du 22 avril 2021 à 08:57
Sommaire
Supervision[modifier]
Vlan 273[modifier]
10.3.10.0/24
ADV : de .100 à .199
RDM : de .200 à .253
| Adresse | Nom | modèle | description |
|---|---|---|---|
| 10.3.10.20 | sw-secu-ECOTRON | EX2200-24P / EX2200-24T | CV0216360282 |
| 10.3.10.100 | sw-secu-RDM | EX2200-24P / EX2200-24T | cœur coté RDM CV0215291179 / CW0214251166 |
| 10.3.10.101 | sw-secu-BAT-A | EX2200-24P | CV0216360073 |
| 10.3.10.102 | sw-secu-BAT-B | EX2200-24P | CV0216360113 |
| 10.3.10.103 | sw-secu-BAT-C | EX2200-24P | CV0216360116 |
| 10.3.10.104 | sw-secu-CEFE | EX2200-48P | CT0216390616 |
| 10.3.10.105 | sw-secu-SERRES | EX2200-24P | CV0216360006 |
| 10.3.10.106 | sw-secu-SIC | EX2200-48P | CT0216060557 |
| 10.3.10.107 | sw-secu-IGMM | EX2200-24P | CV0216360078 |
| 10.3.10.108 | sw-secu-SIC-CAB | EX2200-24P | |
| 10.3.10.109 | sw-secu-BAT-B-1er | EX2200C-24P | |
| 10.3.10.120 | sw-secu-balard-coeur | FS3900-24F4S | |
| 10.3.10.121 | sw-secu-balard-4H | HPE 1820 J9983A | |
| 10.3.10.122 | sw-secu-balard-4D | HPE 1820 J9983A | |
| 10.3.10.123 | sw-secu-balard-3H | HPE 1820 J9983A | |
| 10.3.10.124 | sw-secu-balard-3D | HPE 1820 J9983A | |
| 10.3.10.125 | sw-secu-balard-2H | HPE 1820 J9983A | |
| 10.3.10.126 | sw-secu-balard-2D | HPE 1820 J9983A | |
| 10.3.10.127 | sw-secu-balard-1H | HPE 1820 J9983A | |
| 10.3.10.128 | sw-secu-balard-1D | HPE 1820 J9983A | |
| 10.3.10.129 | sw-secu-balard-rdc | HPE 1820 J9983A | |
| 10.3.10.130 | sw-secu-balard-SSOLPAC | HPE 1820 J9983A | |
| 10.3.10.131 | sw-secu-balard-SSOLEP | HPE 1820 J9983A | |
| 10.3.10.200 | sw-secu-ADV | EX2200-24P x2 | cœur coté ADV CV0216360482 / CV0216370172 |
| 10.3.10.201 | sw-secu-gardiens | EX2200-C-12P | GR0216460212 |
| 10.3.10.202 | sw-secu-IGH | EX2200-48P | CT0216390512 |
| 10.3.10.203 | sw-secu-IGF-S | EX2200-48P | CT0216390388 |
| 10.3.10.204 | sw-secu-GENOPOLYS | EX2200-24P | CV0216360092 |
update[modifier]
Mètre la clé USB puis :
mount_msdosfs /dev/da1s1 /mnt cp /mnt/jinstall-ex-2200-15.1R5.5-domestic-signed.tgz /var/tmp cli request system software add /var/tmp/jinstall-ex-2200-15.1R5.5-domestic-signed.tgz reboot
Attendre le reboot puis passer à la configuration
Fichier de conf commut[modifier]
configure set system host-name sw-secu-XXX set system auto-snapshot set system time-zone Europe/Paris set system root-authentication encrypted-password bJQVTp3zyWF86 set system login user jgarnier uid 2000 set system login user jgarnier class super-user set system login user jgarnier authentication encrypted-password "$1$n7//LPfd$lzSdBUgynsE0nCmmzdR.j1" set system login user jgarnier authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfL2NFG8wbnQ8A0xYE4ScMHbldwNLAIIUNKrd3saKWvnfeYgR37QRBW35G3Hi99S+k6Vr2Z+ekpyxgFGFg/9mbmlz411S3WaV0S/0BGW9fEYUReSl6gXR7IuCPLYVusYpqIHC1ej4UFdgwOdNA6s3urPZX99SHXLlxoUD9OlZJ458bu0UiKaYBA3YON2TsjWcZo7Y63Iekzq2Jrjgk+PFaRXzNpzL8Wv1sGuqX/3r35L8qckIZjFCZSStLI7QEc7yEiPijXUO4KseAD7cxdGgi6obXhmnWvaKpXXOIzACyvwaHR1ZVgQE96HzUtJUzhZsX1EO7pPLYOAMwOVdAPxO5 jgarnier@ssi13JG" set system login user olivier-durant uid 2001 set system login user olivier-durant class super-user set system login user olivier-durant authentication encrypted-password "$1$iprLCzhi$ZX68P/i1PWwRnN1dgt0jt." delete system services dhcp set system services ssh protocol-version v2 set system services ssh max-sessions-per-connection 32 set system services netconf ssh set system services web-management https port 443 set system services web-management https system-generated-certificate set system syslog user * any emergency set system syslog host 10.1.7.23 any any set system syslog file messages any notice set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set system syslog file default-log-messages any any set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)" set system syslog file default-log-messages structured-data set system ntp server 10.3.10.1 set chassis aggregated-devices ethernet device-count 1 set chassis alarm management-ethernet link-down ignore set chassis auto-image-upgrade set interfaces me0 disable set interfaces vlan unit 273 description scr-secu-adm set interfaces vlan unit 273 family inet address 10.3.10.XXX/24 set interfaces ge-0/0/0 disable set interfaces ge-0/0/1 disable set interfaces ge-0/0/2 disable set interfaces ge-0/0/3 disable set interfaces ge-0/0/4 disable set interfaces ge-0/0/5 disable set interfaces ge-0/0/6 disable set interfaces ge-0/0/7 disable set interfaces ge-0/0/8 disable set interfaces ge-0/0/9 disable set interfaces ge-0/0/10 disable set interfaces ge-0/0/11 disable set interfaces ge-0/0/12 disable set interfaces ge-0/0/13 disable set interfaces ge-0/0/14 disable set interfaces ge-0/0/15 disable set interfaces ge-0/0/16 disable set interfaces ge-0/0/17 disable set interfaces ge-0/0/18 disable set interfaces ge-0/0/19 disable set interfaces ge-0/0/20 disable set interfaces ge-0/0/21 disable set interfaces ge-0/0/22 disable set interfaces ge-0/0/23 disable set interfaces ge-0/1/0 disable set interfaces ge-0/1/1 disable set interfaces ge-0/1/2 disable set interfaces ge-0/1/3 description "uplink" set interfaces ge-0/1/3 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/1/3 unit 0 family ethernet-switching vlan members src-secu-adm set interfaces ge-0/1/3 unit 0 family ethernet-switching vlan members src-video set interfaces ge-0/1/3 unit 0 family ethernet-switching vlan members src-cab set snmp community cnrsmgmt authorization read-only set snmp trap-group space targets 10.1.7.25 set routing-options static route 0.0.0.0/0 next-hop 10.3.10.1 set protocols igmp-snooping vlan all set protocols rstp traceoptions file rstp set protocols rstp traceoptions file size 100000 set protocols rstp traceoptions file files 10 set protocols rstp traceoptions flag topology-change-state-machine set protocols rstp traceoptions flag ppmd set protocols lldp interface all set protocols lldp-med interface all set ethernet-switching-options traceoptions file ethernet set ethernet-switching-options traceoptions file size 100000 set ethernet-switching-options traceoptions file files 10 set ethernet-switching-options traceoptions flag interface set ethernet-switching-options traceoptions flag stp set ethernet-switching-options traceoptions flag unknown-unicast-forwarding set ethernet-switching-options traceoptions flag vlan set ethernet-switching-options storm-control interface all set vlans src-secu-adm vlan-id 273 set vlans src-secu-adm l3-interface vlan.273 set vlans src-video description "videosurveillance 10.3.7.0/24" set vlans src-video vlan-id 271 set vlans src-cab description "controle d'acces batiments 10.3.9.0/24" set vlans src-cab vlan-id 272 set poe interface all #delete interfaces me0 delete interfaces vlan unit 0 delete vlans default l3-interface commit
fin de la conf[modifier]
Copier la conf de secours :
request system configuration rescue save
créer le commut sur la supervision :
configuration / host /add ajouter host name = Alias (sw-secu-Bat-A) ajouter IP snmp : cnrsmgmt / 2C monitored from : CAMPUS Ajouter 2 host templates : switch Juniper / switch juniper EX ...
SAVE
Aller sur services Rechercher le commut désactiver les services / ports non utiliser. NE PAS LES SUPPRIMER Modifier les noms des services utilisés
relancer les pollers et vérifier les nouveaux services
Ajouter une caméra[modifier]
ex :
delete interfaces ge-0/0/0 disable set interfaces ge-0/0/0 description "camera 110" set interfaces ge-0/0/0 ether-options auto-negotiation set interfaces ge-0/0/0 ether-options flow-control set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members src-video set protocols rstp interface ge-0/0/0.0 disable set ethernet-switching-options secure-access-port interface ge-0/0/0.0 mac-limit 1 set ethernet-switching-options secure-access-port interface ge-0/0/0.0 allowed-mac 00:07:5f:81:b4:31 set ethernet-switching-options secure-access-port interface ge-0/0/0.0 persistent-learning set ethernet-switching-options bpdu-block interface ge-0/0/0.0 drop
Ajouter les VC ports[modifier]
request virtual-chassis vc-port set pic-slot 0 port 22 request virtual-chassis vc-port set pic-slot 0 port 23
commut FIBERSTORE FS3900-24F4S[modifier]
voir keypass
attention port série à 115200 baud
sauvegarde : copy running-config startup-config nom de fichier : startup-config
.
