Commit 6c447d39 authored by Gabriel Detraz's avatar Gabriel Detraz

Support et test d'arp protect

parent efa97af7
...@@ -9,6 +9,7 @@ ALL_FEATURES = [ ...@@ -9,6 +9,7 @@ ALL_FEATURES = [
'POE', 'DHCP_SNOOPING', 'IPv6_MGMT', 'RA_GUARD', 'POE', 'DHCP_SNOOPING', 'IPv6_MGMT', 'RA_GUARD',
'MLD_SNOOPING', 'SNTP_NEW_SYNTAX', 'GIGABIT', 'OOBM', 'MLD_SNOOPING', 'SNTP_NEW_SYNTAX', 'GIGABIT', 'OOBM',
'FILTER_MDNS', 'RADIUS_DAE', 'DHCPv6_SNOOPING', 'IGMP_SNOOPING', 'FILTER_MDNS', 'RADIUS_DAE', 'DHCPv6_SNOOPING', 'IGMP_SNOOPING',
'ARP_PROTECT',
] ]
# Support du PoE(+) # Support du PoE(+)
...@@ -23,6 +24,9 @@ DHCP_SNOOPING = "DHCP Snooping" ...@@ -23,6 +24,9 @@ DHCP_SNOOPING = "DHCP Snooping"
# Support du DHCPv6 Snooping # Support du DHCPv6 Snooping
DHCPv6_SNOOPING = "DHCPv6 Snooping" DHCPv6_SNOOPING = "DHCPv6 Snooping"
#Support ARP protect
ARP_PROTECT = "Arp Protect"
# Support de RA Guard # Support de RA Guard
RA_GUARD = "RA Guard" RA_GUARD = "RA Guard"
...@@ -90,7 +94,7 @@ HP_PROCURVE_MAP = { ...@@ -90,7 +94,7 @@ HP_PROCURVE_MAP = {
'features' : [ 'features' : [
IPv6_MGMT, IGMP_SNOOPING, DHCP_SNOOPING, RA_GUARD, IPv6_MGMT, IGMP_SNOOPING, DHCP_SNOOPING, RA_GUARD,
MLD_SNOOPING, GIGABIT, SNTP_NEW_SYNTAX, RADIUS_DAE, MLD_SNOOPING, GIGABIT, SNTP_NEW_SYNTAX, RADIUS_DAE,
FILTER_MDNS, FILTER_MDNS, ARP_PROTECT,
], ],
'modules' : ["J9145A"], 'modules' : ["J9145A"],
'sfp' : range(21, 25), 'sfp' : range(21, 25),
...@@ -101,7 +105,7 @@ HP_PROCURVE_MAP = { ...@@ -101,7 +105,7 @@ HP_PROCURVE_MAP = {
'features' : [ 'features' : [
IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RADIUS_DAE, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RADIUS_DAE,
FILTER_MDNS, FILTER_MDNS, ARP_PROTECT,
], ],
}, },
"J9624" : { "J9624" : {
...@@ -110,7 +114,7 @@ HP_PROCURVE_MAP = { ...@@ -110,7 +114,7 @@ HP_PROCURVE_MAP = {
'features' : [ 'features' : [
IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING, IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
RADIUS_DAE, FILTER_MDNS, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
], ],
'sfp' : range(27, 29), 'sfp' : range(27, 29),
'poe' : range(1, 13), 'poe' : range(1, 13),
...@@ -121,7 +125,7 @@ HP_PROCURVE_MAP = { ...@@ -121,7 +125,7 @@ HP_PROCURVE_MAP = {
'features' : [ 'features' : [
IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RADIUS_DAE, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RADIUS_DAE,
FILTER_MDNS, FILTER_MDNS, ARP_PROTECT,
], ],
}, },
"J9727" : { "J9727" : {
...@@ -130,7 +134,7 @@ HP_PROCURVE_MAP = { ...@@ -130,7 +134,7 @@ HP_PROCURVE_MAP = {
'features' : [ 'features' : [
IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING, IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
GIGABIT, OOBM, RADIUS_DAE, FILTER_MDNS, GIGABIT, OOBM, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
], ],
'modules' : ["J9727A"], 'modules' : ["J9727A"],
'sfp' : range(21, 25), 'sfp' : range(21, 25),
...@@ -142,7 +146,7 @@ HP_PROCURVE_MAP = { ...@@ -142,7 +146,7 @@ HP_PROCURVE_MAP = {
'features' : [ 'features' : [
IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING, IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
GIGABIT, RADIUS_DAE, FILTER_MDNS, GIGABIT, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
], ],
'sfp' : range(49, 53), 'sfp' : range(49, 53),
'poe' : range(1, 53), 'poe' : range(1, 53),
...@@ -153,7 +157,7 @@ HP_PROCURVE_MAP = { ...@@ -153,7 +157,7 @@ HP_PROCURVE_MAP = {
'features' : [ 'features' : [
IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING, IPv6_MGMT, POE, DHCP_SNOOPING, DHCPv6_SNOOPING,
RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, RA_GUARD, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX,
GIGABIT, RADIUS_DAE, FILTER_MDNS, GIGABIT, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
], ],
'sfp' : range(25, 29), 'sfp' : range(25, 29),
'poe' : range(1, 25), 'poe' : range(1, 25),
...@@ -164,7 +168,7 @@ HP_PROCURVE_MAP = { ...@@ -164,7 +168,7 @@ HP_PROCURVE_MAP = {
'features' : [ 'features' : [
IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT,
RADIUS_DAE, FILTER_MDNS, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
], ],
'sfp' : range(49, 53), 'sfp' : range(49, 53),
}, },
...@@ -174,7 +178,7 @@ HP_PROCURVE_MAP = { ...@@ -174,7 +178,7 @@ HP_PROCURVE_MAP = {
'features' : [ 'features' : [
IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT,
RADIUS_DAE, FILTER_MDNS, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
], ],
'sfp' : range(25, 29), 'sfp' : range(25, 29),
}, },
...@@ -184,7 +188,7 @@ HP_PROCURVE_MAP = { ...@@ -184,7 +188,7 @@ HP_PROCURVE_MAP = {
'features' : [ 'features' : [
IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD, IPv6_MGMT, DHCP_SNOOPING, DHCPv6_SNOOPING, RA_GUARD,
MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT, MLD_SNOOPING, IGMP_SNOOPING, SNTP_NEW_SYNTAX, GIGABIT,
RADIUS_DAE, FILTER_MDNS, RADIUS_DAE, FILTER_MDNS, ARP_PROTECT,
], ],
'sfp' : range(9, 11), 'sfp' : range(9, 11),
}, },
......
...@@ -122,6 +122,11 @@ dhcp-snooping authorized-server {{ vconfig['network']['IPv4'].ip + rid }} ...@@ -122,6 +122,11 @@ dhcp-snooping authorized-server {{ vconfig['network']['IPv4'].ip + rid }}
{%- endfor %} {%- endfor %}
dhcp-snooping dhcp-snooping
{%- endif %} {%- endif %}
{%- if ARP_PROTECT in features %}
;--- ARP Protect ---
arp-protect vlan {{ vlans.values()|selectattr("dhcp_snooping")|join(" ", attribute="id") }}
arp-protect
{%- endif %}
{%- if DHCPv6_SNOOPING in features %} {%- if DHCPv6_SNOOPING in features %}
;--- DHCPv6 Snooping --- ;--- DHCPv6 Snooping ---
dhcpv6-snooping vlan {{ vlans.values()|selectattr("dhcp_snooping")|join(" ", attribute="id") }} dhcpv6-snooping vlan {{ vlans.values()|selectattr("dhcp_snooping")|join(" ", attribute="id") }}
...@@ -154,9 +159,14 @@ interface {{ port.num }} ...@@ -154,9 +159,14 @@ interface {{ port.num }}
enable enable
name "{{ port }}" name "{{ port }}"
{{ port.flowcontrol }} {{ port.flowcontrol }}
{%- if port.trusted and DHCP_SNOOPING in features %} {%- if port.trusted %}
{%- if DHCP_SNOOPING in features %}
dhcp-snooping trust dhcp-snooping trust
{%- endif %} {%- endif %}
{%- if ARP_PROTECT in features %}
arp-protect trust
{%- endif %}
{%- endif %}
{%- if port.trusted and DHCPv6_SNOOPING in features %} {%- if port.trusted and DHCPv6_SNOOPING in features %}
dhcpv6-snooping trust dhcpv6-snooping trust
{%- endif %} {%- endif %}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment