Src-secu-adm: Difference between revisions

From Wiki_DR13
(Add a camera)
Ligne 205 : Ligne 205 :
 
ex :  
 
ex :  
  
 +
delete interfaces ge-0/0/0 disable
 
  set interfaces ge-0/0/0 description "camera 110"
 
  set interfaces ge-0/0/0 description "camera 110"
 
  set interfaces ge-0/0/0 ether-options auto-negotiation
 
  set interfaces ge-0/0/0 ether-options auto-negotiation
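Review bot: the added `delete interfaces ge-0/0/0 disable` at the top of the example re-enables the port, and the example gives no `commit` step, so it is not stated when the port actually comes up relative to the port-security lines that follow in the full example. Suggest saying that the whole block is entered in one configuration session and ended with a single `commit`, so the camera port is never active without its `secure-access-port` and `bpdu-block` statements.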

Revision as of 7 December 2016 at 14:23

Vlan 273

10.3.10.0/24

ADV: from .100 to .199

RDM: from .200 to .253


Address      Name              Description
10.3.10.100  sw-secu-RDM       core, RDM side CV0215291179 / CW0214251166
10.3.10.101  sw-secu-BAT-A     CV0216360073
10.3.10.102  sw-secu-BAT-B     CV0216360113
10.3.10.103  sw-secu-BAT-C     CV0216360116
10.3.10.104  sw-secu-CEFE
10.3.10.105  sw-secu-SERRES
10.3.10.106  sw-secu-SIC       CT0216060557
10.3.10.107  sw-secu-IGMM
10.3.10.200  sw-secu-ADV       core, ADV side
10.3.10.201  sw-secu-gardiens
10.3.10.202  sw-secu-IGH
10.3.10.203  sw-secu-IGF-S

update

Insert the USB key, then:

mount_msdosfs /dev/da1s1 /mnt 
cp /mnt/jinstall-ex-2200-12.3R12.4-domestic-signed.tgz /var/tmp
cli


request system software add /var/tmp/jinstall-ex-2200-12.3R12.4-domestic-signed.tgz reboot 

Wait for the reboot, then move on to the configuration.

Switch configuration file

configure
set system host-name sw-secu-XXX
set system auto-snapshot
set system time-zone Europe/Paris

set system root-authentication encrypted-password bJQVTp3zyWF86

set system login user jgarnier uid 2000
set system login user jgarnier class super-user
set system login user jgarnier authentication encrypted-password "$1$n7//LPfd$lzSdBUgynsE0nCmmzdR.j1"

set system login user jgarnier authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfL2NFG8wbnQ8A0xYE4ScMHbldwNLAIIUNKrd3saKWvnfeYgR37QRBW35G3Hi99S+k6Vr2Z+ekpyxgFGFg/9mbmlz411S3WaV0S/0BGW9fEYUReSl6gXR7IuCPLYVusYpqIHC1ej4UFdgwOdNA6s3urPZX99SHXLlxoUD9OlZJ458bu0UiKaYBA3YON2TsjWcZo7Y63Iekzq2Jrjgk+PFaRXzNpzL8Wv1sGuqX/3r35L8qckIZjFCZSStLI7QEc7yEiPijXUO4KseAD7cxdGgi6obXhmnWvaKpXXOIzACyvwaHR1ZVgQE96HzUtJUzhZsX1EO7pPLYOAMwOVdAPxO5 jgarnier@ssi13JG"

set system login user olivier-durant uid 2001
set system login user olivier-durant class super-user
set system login user olivier-durant authentication encrypted-password "$1$iprLCzhi$ZX68P/i1PWwRnN1dgt0jt."

delete system services dhcp

set system services ssh protocol-version v2
set system services ssh max-sessions-per-connection 32
set system services netconf ssh
set system services web-management https port 443
set system services web-management https system-generated-certificate

set system syslog user * any emergency
set system syslog host 10.1.7.23 any any
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system syslog file default-log-messages any any
set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)"
set system syslog file default-log-messages structured-data

set system ntp server 10.3.10.1
set chassis aggregated-devices ethernet device-count 1
set chassis alarm management-ethernet link-down ignore
set chassis auto-image-upgrade

set interfaces me0 disable

set interfaces vlan unit 273 description scr-secu-adm
set interfaces vlan unit 273 family inet address 10.3.10.XXX/24

set interfaces ge-0/0/0 disable
set interfaces ge-0/0/1  disable
set interfaces ge-0/0/2  disable
set interfaces ge-0/0/3  disable
set interfaces ge-0/0/4  disable
set interfaces ge-0/0/5  disable
set interfaces ge-0/0/6  disable
set interfaces ge-0/0/7  disable
set interfaces ge-0/0/8  disable
set interfaces ge-0/0/9  disable
set interfaces ge-0/0/10  disable
set interfaces ge-0/0/11  disable
set interfaces ge-0/0/12  disable
set interfaces ge-0/0/13  disable
set interfaces ge-0/0/14  disable
set interfaces ge-0/0/15  disable
set interfaces ge-0/0/16  disable
set interfaces ge-0/0/17  disable
set interfaces ge-0/0/18  disable
set interfaces ge-0/0/19  disable
set interfaces ge-0/0/20  disable
set interfaces ge-0/0/21  disable
set interfaces ge-0/0/22  disable
set interfaces ge-0/0/23  disable 

set interfaces ge-0/1/0 disable
set interfaces ge-0/1/1 disable
set interfaces ge-0/1/2 disable

set interfaces ge-0/1/3 description "uplink"
set interfaces ge-0/1/3 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/1/3 unit 0 family ethernet-switching vlan members src-secu-adm
set interfaces ge-0/1/3 unit 0 family ethernet-switching vlan members src-video
set interfaces ge-0/1/3 unit 0 family ethernet-switching vlan members src-cab

set snmp community cnrsmgmt authorization read-only
set snmp trap-group space targets 10.1.7.25

set routing-options static route 0.0.0.0/0 next-hop 10.3.10.1

set protocols igmp-snooping vlan all

set protocols rstp traceoptions file rstp
set protocols rstp traceoptions file size 100000
set protocols rstp traceoptions file files 10
set protocols rstp traceoptions flag topology-change-state-machine
set protocols rstp traceoptions flag ppmd

set protocols lldp interface all
set protocols lldp-med interface all
set ethernet-switching-options traceoptions file ethernet
set ethernet-switching-options traceoptions file size 100000
set ethernet-switching-options traceoptions file files 10
set ethernet-switching-options traceoptions flag interface
set ethernet-switching-options traceoptions flag stp
set ethernet-switching-options traceoptions flag unknown-unicast-forwarding
set ethernet-switching-options traceoptions flag vlan
set ethernet-switching-options storm-control interface all

set vlans src-secu-adm vlan-id 273
set vlans src-secu-adm l3-interface vlan.273

set vlans src-video description "videosurveillance 10.3.7.0/24"
set vlans src-video vlan-id 271

set vlans src-cab description "controle d'acces batiments 10.3.9.0/24"
set vlans src-cab vlan-id 272

set poe interface all

#delete interfaces me0
delete interfaces vlan unit 0
delete vlans default l3-interface

commit

End of the configuration

Save the rescue configuration:

request system configuration rescue save

Create the switch in the monitoring system:

configuration / host / add
add host name = Alias (sw-secu-Bat-A)
add the IP
snmp: cnrsmgmt / 2C
monitored from: CAMPUS
Add 2 host templates: switch Juniper / switch juniper EX ...
SAVE
Go to services
Search for the switch
Disable the unused services / ports. DO NOT DELETE THEM
Rename the services that are in use
Restart the pollers and check the new services


Add a camera

Example:

delete interfaces ge-0/0/0 disable
set interfaces ge-0/0/0 description "camera 110"
set interfaces ge-0/0/0 ether-options auto-negotiation
set interfaces ge-0/0/0 ether-options flow-control
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members src-video

set protocols rstp interface ge-0/0/0.0 disable

set ethernet-switching-options secure-access-port interface ge-0/0/0.0 mac-limit 1
set ethernet-switching-options secure-access-port interface ge-0/0/0.0 allowed-mac 00:07:5f:81:b4:31
set ethernet-switching-options secure-access-port interface ge-0/0/0.0 persistent-learning

set ethernet-switching-options bpdu-block interface ge-0/0/0.0 drop
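
A check for the camera procedure above, as an added example that is not part of the original wiki page: it replays `set`/`delete` lines in the order they are entered and reports, for every enabled access port, which of the page's port-security statements are missing. The sample configuration and its MAC address are constructed for the example.

```python
import re
from collections import defaultdict

# Statements the camera procedure adds for each access port (taken from the page).
REQUIRED = ("mac-limit", "allowed-mac", "persistent-learning", "bpdu-block")

# Constructed sample: port 0 follows the full procedure, port 1 was enabled
# with only a mac-limit, port 2 is still disabled as in the base configuration.
SAMPLE = """\
set interfaces ge-0/0/0 disable
set interfaces ge-0/0/1 disable
set interfaces ge-0/0/2 disable
delete interfaces ge-0/0/0 disable
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
set ethernet-switching-options secure-access-port interface ge-0/0/0.0 mac-limit 1
set ethernet-switching-options secure-access-port interface ge-0/0/0.0 allowed-mac 00:00:5e:00:53:01
set ethernet-switching-options secure-access-port interface ge-0/0/0.0 persistent-learning
set ethernet-switching-options bpdu-block interface ge-0/0/0.0 drop
delete interfaces ge-0/0/1 disable
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set ethernet-switching-options secure-access-port interface ge-0/0/1.0 mac-limit 1
"""

def audit_access_ports(config: str) -> dict:
    """Return {port: [missing statements]} for every enabled access port."""
    disabled, access = set(), set()
    seen = defaultdict(set)
    for line in config.splitlines():
        w = line.split()
        if len(w) < 4 or w[0] not in ("set", "delete"):
            continue
        if w[1] == "interfaces" and w[3:] == ["disable"]:
            # Later lines win, as when the commands are typed in order.
            (disabled.add if w[0] == "set" else disabled.discard)(w[2])
        elif w[0] == "set" and w[1] == "interfaces" and w[-2:] == ["port-mode", "access"]:
            access.add(w[2])
        elif w[0] == "set" and w[1] == "ethernet-switching-options":
            m = re.search(r" interface (\S+)\.0 (\S+)", line)
            if m and w[2] == "secure-access-port":
                seen[m.group(1)].add(m.group(2))
            elif m and w[2] == "bpdu-block":
                seen[m.group(1)].add("bpdu-block")
    return {p: [s for s in REQUIRED if s not in seen[p]]
            for p in sorted(access - disabled)}

if __name__ == "__main__":
    for port, missing in audit_access_ports(SAMPLE).items():
        print(port, "OK" if not missing else "missing: " + ", ".join(missing))
```
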