Src-secu-adm
Sommaire
Supervision
Vlan 273
10.3.10.0/24
ADV : de .100 à .199
RDM : de .200 à .253
| Adresse | Nom | modèle | description |
|---|---|---|---|
| 10.3.10.20 | sw-secu-ECOTRON | EX2200-24P / EX2200-24T | |
| 10.3.10.100 | sw-secu-RDM | EX2200-24P / EX2200-24T | cœur coté RDM CV0215291179 / CW0214251166 |
| 10.3.10.101 | sw-secu-BAT-A | EX2200-24P | CV0216360073 |
| 10.3.10.102 | sw-secu-BAT-B | EX2200-24P | CV0216360113 |
| 10.3.10.103 | sw-secu-BAT-C | EX2200-24P | CV0216360116 |
| 10.3.10.104 | sw-secu-CEFE | EX2200-48P | CT0216390616 |
| 10.3.10.105 | sw-secu-SERRES | EX2200-24P | CV0216360006 |
| 10.3.10.106 | sw-secu-SIC | EX2200-48P | CT0216060557 |
| 10.3.10.107 | sw-secu-IGMM | EX2200-24P | CV0216360078 |
| 10.3.10.200 | sw-secu-ADV | EX2200-24P x2 | cœur coté ADV CV0216360482 / CV0216370172 |
| 10.3.10.201 | sw-secu-gardiens | EX2200-C-12P | GR0216460212 |
| 10.3.10.202 | sw-secu-IGH | EX2200-48P | CT0216390512 |
| 10.3.10.203 | sw-secu-IGF-S | EX2200-48P | CT0216390388 |
update
Mètre la clé USB puis :
mount_msdosfs /dev/da1s1 /mnt cp /mnt/jinstall-ex-2200-12.3R12.4-domestic-signed.tgz /var/tmp cli request system software add /var/tmp/jinstall-ex-2200-12.3R12.4-domestic-signed.tgz reboot
Attendre le reboot puis passer à la configuration
Fichier de conf commut
configure set system host-name sw-secu-XXX set system auto-snapshot set system time-zone Europe/Paris set system root-authentication encrypted-password bJQVTp3zyWF86 set system login user jgarnier uid 2000 set system login user jgarnier class super-user set system login user jgarnier authentication encrypted-password "$1$n7//LPfd$lzSdBUgynsE0nCmmzdR.j1" set system login user jgarnier authentication ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfL2NFG8wbnQ8A0xYE4ScMHbldwNLAIIUNKrd3saKWvnfeYgR37QRBW35G3Hi99S+k6Vr2Z+ekpyxgFGFg/9mbmlz411S3WaV0S/0BGW9fEYUReSl6gXR7IuCPLYVusYpqIHC1ej4UFdgwOdNA6s3urPZX99SHXLlxoUD9OlZJ458bu0UiKaYBA3YON2TsjWcZo7Y63Iekzq2Jrjgk+PFaRXzNpzL8Wv1sGuqX/3r35L8qckIZjFCZSStLI7QEc7yEiPijXUO4KseAD7cxdGgi6obXhmnWvaKpXXOIzACyvwaHR1ZVgQE96HzUtJUzhZsX1EO7pPLYOAMwOVdAPxO5 jgarnier@ssi13JG" set system login user olivier-durant uid 2001 set system login user olivier-durant class super-user set system login user olivier-durant authentication encrypted-password "$1$iprLCzhi$ZX68P/i1PWwRnN1dgt0jt." delete system services dhcp set system services ssh protocol-version v2 set system services ssh max-sessions-per-connection 32 set system services netconf ssh set system services web-management https port 443 set system services web-management https system-generated-certificate set system syslog user * any emergency set system syslog host 10.1.7.23 any any set system syslog file messages any notice set system syslog file messages authorization info set system syslog file interactive-commands interactive-commands any set system syslog file default-log-messages any any set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Master Unchanged, Members Changed)|(Master Changed, Members Changed)|(Master Detected, Members Changed)|(vc add)|(vc delete)|(Master detected)|(Master changed)|(Backup detected)|(Backup changed)|(interface vcp-)" set system syslog file default-log-messages structured-data set system ntp server 10.3.10.1 set chassis aggregated-devices ethernet device-count 1 set chassis alarm management-ethernet link-down ignore set chassis auto-image-upgrade set interfaces me0 disable set interfaces vlan unit 273 description scr-secu-adm set interfaces vlan unit 273 family inet address 10.3.10.XXX/24 set interfaces ge-0/0/0 disable set interfaces ge-0/0/1 disable set interfaces ge-0/0/2 disable set interfaces ge-0/0/3 disable set interfaces ge-0/0/4 disable set interfaces ge-0/0/5 disable set interfaces ge-0/0/6 disable set interfaces ge-0/0/7 disable set interfaces ge-0/0/8 disable set interfaces ge-0/0/9 disable set interfaces ge-0/0/10 disable set interfaces ge-0/0/11 disable set interfaces ge-0/0/12 disable set interfaces ge-0/0/13 disable set interfaces ge-0/0/14 disable set interfaces ge-0/0/15 disable set interfaces ge-0/0/16 disable set interfaces ge-0/0/17 disable set interfaces ge-0/0/18 disable set interfaces ge-0/0/19 disable set interfaces ge-0/0/20 disable set interfaces ge-0/0/21 disable set interfaces ge-0/0/22 disable set interfaces ge-0/0/23 disable set interfaces ge-0/1/0 disable set interfaces ge-0/1/1 disable set interfaces ge-0/1/2 disable set interfaces ge-0/1/3 description "uplink" set interfaces ge-0/1/3 unit 0 family ethernet-switching port-mode trunk set interfaces ge-0/1/3 unit 0 family ethernet-switching vlan members src-secu-adm set interfaces ge-0/1/3 unit 0 family ethernet-switching vlan members src-video set interfaces ge-0/1/3 unit 0 family ethernet-switching vlan members src-cab set snmp community cnrsmgmt authorization read-only set snmp trap-group space targets 10.1.7.25 set routing-options static route 0.0.0.0/0 next-hop 10.3.10.1 set protocols igmp-snooping vlan all set protocols rstp traceoptions file rstp set protocols rstp traceoptions file size 100000 set protocols rstp traceoptions file files 10 set protocols rstp traceoptions flag topology-change-state-machine set protocols rstp traceoptions flag ppmd set protocols lldp interface all set protocols lldp-med interface all set ethernet-switching-options traceoptions file ethernet set ethernet-switching-options traceoptions file size 100000 set ethernet-switching-options traceoptions file files 10 set ethernet-switching-options traceoptions flag interface set ethernet-switching-options traceoptions flag stp set ethernet-switching-options traceoptions flag unknown-unicast-forwarding set ethernet-switching-options traceoptions flag vlan set ethernet-switching-options storm-control interface all set vlans src-secu-adm vlan-id 273 set vlans src-secu-adm l3-interface vlan.273 set vlans src-video description "videosurveillance 10.3.7.0/24" set vlans src-video vlan-id 271 set vlans src-cab description "controle d'acces batiments 10.3.9.0/24" set vlans src-cab vlan-id 272 set poe interface all #delete interfaces me0 delete interfaces vlan unit 0 delete vlans default l3-interface commit
fin de la conf
Copier la conf de secours :
request system configuration rescue save
créer le commut sur la supervision :
configuration / host /add ajouter host name = Alias (sw-secu-Bat-A) ajouter IP snmp : cnrsmgmt / 2C monitored from : CAMPUS Ajouter 2 host templates : switch Juniper / switch juniper EX ...
SAVE
Aller sur services Rechercher le commut désactiver les services / ports non utiliser. NE PAS LES SUPPRIMER Modifier les noms des services utilisés
relancer les pollers et vérifier les nouveaux services
Ajouter une caméra
ex :
delete interfaces ge-0/0/0 disable set interfaces ge-0/0/0 description "camera 110" set interfaces ge-0/0/0 ether-options auto-negotiation set interfaces ge-0/0/0 ether-options flow-control set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members src-video set protocols rstp interface ge-0/0/0.0 disable set ethernet-switching-options secure-access-port interface ge-0/0/0.0 mac-limit 1 set ethernet-switching-options secure-access-port interface ge-0/0/0.0 allowed-mac 00:07:5f:81:b4:31 set ethernet-switching-options secure-access-port interface ge-0/0/0.0 persistent-learning set ethernet-switching-options bpdu-block interface ge-0/0/0.0 drop
Ajouter les VC ports
request virtual-chassis vc-port set pic-slot 0 port 22 request virtual-chassis vc-port set pic-slot 0 port 23
