From 6c447d39d85cefe59a9ef6f8a3f335236a42c478 Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Thu, 4 Jan 2018 23:03:43 +0100 Subject: [PATCH] Support et test d'arp protect --- gestion/config/hp_switchs.py | 24 ++++++++++++++---------- gestion/gen_confs/switch_conf.tpl | 12 +++++++++++- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/gestion/config/hp_switchs.py b/gestion/config/hp_switchs.py index 528e7112..6436be57 100644 --- a/gestion/config/hp_switchs.py +++ b/gestion/config/hp_switchs.py @@ -9,6 +9,7 @@ ALL_FEATURES = [ 'POE', 'DHCP_SNOOPING', 'IPv6_MGMT', 'RA_GUARD', 'MLD_SNOOPING', 'SNTP_NEW_SYNTAX', 'GIGABIT', 'OOBM', 'FILTER_MDNS', 'RADIUS_DAE', 'DHCPv6_SNOOPING', 'IGMP_SNOOPING', + 'ARP_PROTECT', ] # Support du PoE(+) @@ -23,6 +24,9 @@ DHCP_SNOOPING = "DHCP Snooping" # Support du DHCPv6 Snooping DHCPv6_SNOOPING = "DHCPv6 Snooping" +#Support ARP protect +ARP_PROTECT = "Arp Protect" + # Support de RA Guard RA_GUARD = "RA Guard" @@ -90,7 +94,7 @@ HP_PROCURVE_MAP = { 'features' : [ IPv6_MGMT, IGMP_SNOOPING, DHCP_SNOOPING, RA_GUARD, MLD_SNOOPING, GIGABIT, SNTP_NEW_SYNTAX, RADIUS_DAE, - FILTER_MDNS, + FILTER_MDNS, ARP_PROTECT, ], 'modules' : ["J9145A"], 'sfp' : range(21, 25), @@ -101,7 +105,7 @@ HP_PROCURVE_MAP = { 'features' : [ IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RADIUS_DAE, - FILTER_MDNS, + FILTER_MDNS, ARP_PROTECT, ], }, "J9624" : { @@ -110,7 +114,7 @@ HP_PROCURVE_MAP = { 'features' : [ IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, - RADIUS_DAE, FILTER_MDNS, + RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, ], 'sfp' : range(27, 29), 'poe' : range(1, 13), @@ -121,7 +125,7 @@ HP_PROCURVE_MAP = { 'features' : [ IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RADIUS_DAE, - FILTER_MDNS, + FILTER_MDNS, ARP_PROTECT, ], }, "J9727" : { 
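Review bot: The new comment `#Support ARP protect` in the `@@ -23,6 +24,9 @@` hunk is missing the space after `#` that the neighbouring `# Support du ...` comments have, and it does not say what the feature relies on. The template added in this same commit builds the `arp-protect vlan` list from the VLANs selected by `dhcp_snooping`, so ARP protect presumably depends on the DHCP snooping binding table. I would write `# Support ARP protect (relies on the DHCP Snooping binding table)`, so that nobody later lists ARP_PROTECT for a model that lacks DHCP_SNOOPING. Every model touched in the following hunks does list both.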
@@ -130,7 +134,7 @@ HP_PROCURVE_MAP = { 'features' : [ IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, - GIGABIT, OOBM, RADIUS_DAE, FILTER_MDNS, + GIGABIT, OOBM, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, ], 'modules' : ["J9727A"], 'sfp' : range(21, 25), @@ -142,7 +146,7 @@ HP_PROCURVE_MAP = { 'features' : [ IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, - GIGABIT, RADIUS_DAE, FILTER_MDNS, + GIGABIT, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, ], 'sfp' : range(49, 53), 'poe' : range(1, 53), @@ -153,7 +157,7 @@ HP_PROCURVE_MAP = { 'features' : [ IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, - GIGABIT, RADIUS_DAE, FILTER_MDNS, + GIGABIT, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, ], 'sfp' : range(25, 29), 'poe' : range(1, 25), @@ -164,7 +168,7 @@ HP_PROCURVE_MAP = { 'features' : [ IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT, - RADIUS_DAE, FILTER_MDNS, + RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, ], 'sfp' : range(49, 53), }, @@ -174,7 +178,7 @@ HP_PROCURVE_MAP = { 'features' : [ IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT, - RADIUS_DAE, FILTER_MDNS, + RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, ], 'sfp' : range(25, 29), }, @@ -184,7 +188,7 @@ HP_PROCURVE_MAP = { 'features' : [ IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT, - RADIUS_DAE, FILTER_MDNS, + RADIUS_DAE, FILTER_MDNS, ARP_PROTECT, ], 'sfp' : range(9, 11), }, diff --git a/gestion/gen_confs/switch_conf.tpl b/gestion/gen_confs/switch_conf.tpl index 4b588bfe..d47b1aa8 100644 --- a/gestion/gen_confs/switch_conf.tpl +++ b/gestion/gen_confs/switch_conf.tpl 
@@ -122,6 +122,11 @@ dhcp-snooping authorized-server {{ vconfig['network']['IPv4'].ip + rid }} {%- endfor %} dhcp-snooping {%- endif %} +{%- if ARP_PROTECT in features %} +;--- ARP Protect --- +arp-protect vlan {{ vlans.values()|selectattr("dhcp_snooping")|join(" ", attribute="id") }} +arp-protect +{%- endif %} {%- if DHCPv6_SNOOPING in features %} ;--- DHCPv6 Snooping --- dhcpv6-snooping vlan {{ vlans.values()|selectattr("dhcp_snooping")|join(" ", attribute="id") }} @@ -154,9 +159,14 @@ interface {{ port.num }} enable name "{{ port }}" {{ port.flowcontrol }} - {%- if port.trusted and DHCP_SNOOPING in features %} + {%- if port.trusted %} + {%- if DHCP_SNOOPING in features %} dhcp-snooping trust {%- endif %} + {%- if ARP_PROTECT in features %} + arp-protect trust + {%- endif %} + {%- endif %} {%- if port.trusted and DHCPv6_SNOOPING in features %} dhcpv6-snooping trust {%- endif %} -- GitLab
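Review bot: The new `{%- if ARP_PROTECT in features %}` block turns on `arp-protect` without checking that DHCP snooping is rendered too, although its VLAN list comes from `selectattr("dhcp_snooping")`. ARP protection on these switches validates ARP packets from untrusted ports against the DHCP snooping bindings, so a model listing ARP_PROTECT without DHCP_SNOOPING would have nothing to validate against and legitimate host ARP traffic would likely be dropped. The models changed in this commit all list both features, but the guard would be safer as `{%- if ARP_PROTECT in features and DHCP_SNOOPING in features %}`. Hosts with static addresses on those VLANs would also need static bindings, which the visible lines do not generate; that is worth confirming before rollout.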
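Review bot: In the `@@ -154,9 +159,14 @@` hunk the DHCPv4 and ARP trust lines now share a `{%- if port.trusted %}` block, while the DHCPv6 line directly below still tests `port.trusted and DHCPv6_SNOOPING in features` on its own. The same condition is therefore written two ways in one interface stanza. Moving the `dhcpv6-snooping trust` test inside the new `port.trusted` block would keep the three trust statements together. Because `port.trusted` now also exempts a port from ARP validation, a template comment such as `{#- trusted: no DHCP snooping / ARP protect filtering on this port #}` would make that wider meaning visible to whoever sets the flag. The interface loop starts and ends outside the hunk.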