diff --git a/hosts/dns/zones/db.42.10.in-addr.arpa. b/hosts/dns/zones/db.42.10.in-addr.arpa. index 319b014..efccda4 100644 --- a/hosts/dns/zones/db.42.10.in-addr.arpa. +++ b/hosts/dns/zones/db.42.10.in-addr.arpa. @@ -46,6 +46,7 @@ $TTL 3600 10.42.42.25.in-addr.arpa. IN PTR sw-buehne.bula22.de. 10.42.42.26.in-addr.arpa. IN PTR sw-trabantenstadt.bula22.de. 10.42.42.27.in-addr.arpa. IN PTR sw-bll.bula22.de. +10.42.42.28.in-addr.arpa. IN PTR sw-finanzen.bula22.de. 10.42.42.125.in-addr.arpa. IN PTR pbs.bula22.de. ; Network Gateways @@ -68,4 +69,7 @@ $TTL 3600 #other 10.42.132.2.in-addr.arpa. IN PTR omm.bula22.de. 10.42.151.2.in-addr.arpa. IN PTR webcam.bula22.de. -10.42.212.2.in-addr.arpa. IN PTR drucker.bula22.de. \ No newline at end of file +<<<<<<< Updated upstream +10.42.212.2.in-addr.arpa. IN PTR drucker.bula22.de. +======= +>>>>>>> Stashed changes diff --git a/hosts/dns/zones/db.bula22.de b/hosts/dns/zones/db.bula22.de index d7682f2..2c46e24 100644 --- a/hosts/dns/zones/db.bula22.de +++ b/hosts/dns/zones/db.bula22.de @@ -77,6 +77,7 @@ sw-waschhaus.bula22.de. IN A 10.42.42.24 sw-buehne.bula22.de. IN A 10.42.42.25 sw-trabantenstadt.bula22.de. IN A 10.42.42.26 sw-bll.bula22.de. IN A 10.42.42.27 +sw-finanzen.bula22.de. IN A 10.42.42.28 pbs.bula22.de. IN A 10.42.42.125 ; Network Gateways diff --git a/switchconfig/sw-technik-container b/switchconfig/sw-technik-container index 7e05ef3..fe04da6 100644 --- a/switchconfig/sw-technik-container +++ b/switchconfig/sw-technik-container @@ -1,16 +1,38 @@ -version 15.1R7-S6.3 +## Last changed: 2020-01-04 09:14:54 UTC +version 15.1R7-S6.3; system { host-name sw-technik-container; auto-snapshot; + domain-name bula22.de; + domain-search bula22.de; root-authentication { - encrypted-password "$1$DAjLGZX7$sHIjgeZhXhq/IcgRKOWy20"; ## SECRET-DATA - ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8xqVakxJ+AwcIrS/wyL03N++pE09epwMFlIMXWvlpwwEp1J/0H7nygwxk/9LIZdabs/ETWn0s8oHAkc7YR1c6ajSTCDiZEYATAWt7t8t4Gw/80c8u8T50lIqmiDEEVbOVv3Vta/pAN4hAUp9U5DpYCkQbvF+NKKcK3Yp8d9usNC6ohqgTK+IGAEdMhvpbbNppDMXoWHuynBzUX7TS6ST6yEr0tD+CBbCpbfcMuwTI3lNtfywEVpuFaeHqDZx2QDrEX4bg0dRKgQstbXYdqmBfnOiBpUr8Wyl8U1J24rN+E07pBw/8KDGWbVg19/Ex8o4ht/p5voUfKVjD/DwWXTLntBirjfAgQAm4GH/qP4x3zNiTtlYlQFbXSk6VEVrTrxCB5rTWvGnhg31tk5P3YwvagDmGABazY5s/8tlttSc1yWBctWQJCjxSqcCLekxG4D1rVuGKCKOZgflQ9QFdQlKycInPBek3zi0i3GYkE1YnNFye5ggOnxT8qGuKjfdtZI9qvMJQO8lbEDzbYQvNns1V/k4ZobiihYwrG5TJUzZFEpMYetDK6tI8BRU11d+ja0jWzguj5/7wc0nrr/BiZ8FkAr2fZ60j2aI5kG0s3qjbrQbB/RXaGP9hRU0+480+IokNJJIcjv5iwH5ophdrjC8GH4So2kPPt0NXob1yNysdjw== n0emis@noemis.me (OLD)"; ## SECRET-DATA - ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu"; ## SECRET-DATA + encrypted-password "$1$DAjLGZX7$sHIjgeZhXhq/IcgRKOWy20"; + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8xqVakxJ+AwcIrS/wyL03N++pE09epwMFlIMXWvlpwwEp1J/0H7nygwxk/9LIZdabs/ETWn0s8oHAkc7YR1c6ajSTCDiZEYATAWt7t8t4Gw/80c8u8T50lIqmiDEEVbOVv3Vta/pAN4hAUp9U5DpYCkQbvF+NKKcK3Yp8d9usNC6ohqgTK+IGAEdMhvpbbNppDMXoWHuynBzUX7TS6ST6yEr0tD+CBbCpbfcMuwTI3lNtfywEVpuFaeHqDZx2QDrEX4bg0dRKgQstbXYdqmBfnOiBpUr8Wyl8U1J24rN+E07pBw/8KDGWbVg19/Ex8o4ht/p5voUfKVjD/DwWXTLntBirjfAgQAm4GH/qP4x3zNiTtlYlQFbXSk6VEVrTrxCB5rTWvGnhg31tk5P3YwvagDmGABazY5s/8tlttSc1yWBctWQJCjxSqcCLekxG4D1rVuGKCKOZgflQ9QFdQlKycInPBek3zi0i3GYkE1YnNFye5ggOnxT8qGuKjfdtZI9qvMJQO8lbEDzbYQvNns1V/k4ZobiihYwrG5TJUzZFEpMYetDK6tI8BRU11d+ja0jWzguj5/7wc0nrr/BiZ8FkAr2fZ60j2aI5kG0s3qjbrQbB/RXaGP9hRU0+480+IokNJJIcjv5iwH5ophdrjC8GH4So2kPPt0NXob1yNysdjw== n0emis@noemis.me (OLD)"; + ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu"; + } + name-server { + 10.42.10.8; + } + login { + user fw { + uid 2000; + class super-user; + authentication { + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMTsFE90WT+fvRnIuIBbjLJA2Hyne6duD306+Yg3z9yVTSCQxpFcolEwRQi5X4hsb3WdlW+YtvShXcFVNi7gtgSyIsgT1+YqpR+qIC+/r2h6NeA92dztigpbznOm9oL8vOP45S9fHedJ57E/UosYW2/du4W+6U+xH1ItyQx6AiJAj/RPpLWJz9FhP99Qwp6YiPAkxujgXtOMwX0xFmiQPv9QzBaD9jOKK0vE26IFX5RYAqontVgWGn6EdceR70vTQBcAsFYMS0sc9311H2wBfOptznyIZNInAsppaGNDMdOx9SdMVDZ6GDlOCsLvHq6+ra1jGdlwtgduVQeEpHmmjD"; + } + } } services { ssh; } } +chassis { + alarm { + management-ethernet { + link-down ignore; + } + } +} interfaces { ge-0/0/0 { unit 0 { @@ -177,48 +199,17 @@ ethernet-switching-options { } } vlans { - VL_MGMT { - vlan-id 42; - l3-interface vlan.42 - } - VL_WLAN { - vlan-id 131; - } VL_DECT { vlan-id 132; } - VL_SIP { - vlan-id 133; - } - VL_IOT { - vlan-id 151; - } - VL_IKT_TOYS { - vlan-id 152; - } - VL_IKT { - vlan-id 201; - } - VL_TECHNIK { - vlan-id 202; - } VL_HOSPITAL { vlan-id 203; } - VL_ZOLL { - vlan-id 204; + VL_IKT { + vlan-id 201; } - VL_LEITSTELLE { - vlan-id 205; - } - VL_VERWALTUNG { - vlan-id 206; - } - VL_ZENTRAL { - vlan-id 207; - } - VL_YOLO { - vlan-id 208; + VL_IKT_TOYS { + vlan-id 152; } VL_INFOJURTE { vlan-id 209; @@ -226,10 +217,41 @@ vlans { VL_INTERNATIONAL { vlan-id 210; } - VL_PROGRAMM { - vlan-id 211; + VL_IOT { + vlan-id 151; + } + VL_LEITSTELLE { + vlan-id 205; + } + VL_MGMT { + vlan-id 42; + l3-interface vlan.42; } VL_OFFICE { vlan-id 212; } + VL_PROGRAMM { + vlan-id 211; + } + VL_SIP { + vlan-id 133; + } + VL_TECHNIK { + vlan-id 202; + } + VL_VERWALTUNG { + vlan-id 206; + } + VL_WLAN { + vlan-id 131; + } + VL_YOLO { + vlan-id 208; + } + VL_ZENTRAL { + vlan-id 207; + } + VL_ZOLL { + vlan-id 204; + } } diff --git a/switchconfig/sw-verwaltung b/switchconfig/sw-verwaltung index 7177b95..8729b1a 100644 --- a/switchconfig/sw-verwaltung +++ b/switchconfig/sw-verwaltung @@ -1,22 +1,254 @@ -version 15.1R7-S13; +## Last changed: 2022-07-25 16:03:57 UTC +version 12.3R12.4; system { host-name sw-verwaltung; auto-snapshot; + domain-name bula22.de; + domain-search bula22.de; root-authentication { - encrypted-password "$1$DAjLGZX7$sHIjgeZhXhq/IcgRKOWy20"; ## SECRET-DATA - ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8xqVakxJ+AwcIrS/wyL03N++pE09epwMFlIMXWvlpwwEp1J/0H7nygwxk/9LIZdabs/ETWn0s8oHAkc7YR1c6ajSTCDiZEYATAWt7t8t4Gw/80c8u8T50lIqmiDEEVbOVv3Vta/pAN4hAUp9U5DpYCkQbvF+NKKcK3Yp8d9usNC6ohqgTK+IGAEdMhvpbbNppDMXoWHuynBzUX7TS6ST6yEr0tD+CBbCpbfcMuwTI3lNtfywEVpuFaeHqDZx2QDrEX4bg0dRKgQstbXYdqmBfnOiBpUr8Wyl8U1J24rN+E07pBw/8KDGWbVg19/Ex8o4ht/p5voUfKVjD/DwWXTLntBirjfAgQAm4GH/qP4x3zNiTtlYlQFbXSk6VEVrTrxCB5rTWvGnhg31tk5P3YwvagDmGABazY5s/8tlttSc1yWBctWQJCjxSqcCLekxG4D1rVuGKCKOZgflQ9QFdQlKycInPBek3zi0i3GYkE1YnNFye5ggOnxT8qGuKjfdtZI9qvMJQO8lbEDzbYQvNns1V/k4ZobiihYwrG5TJUzZFEpMYetDK6tI8BRU11d+ja0jWzguj5/7wc0nrr/BiZ8FkAr2fZ60j2aI5kG0s3qjbrQbB/RXaGP9hRU0+480+IokNJJIcjv5iwH5ophdrjC8GH4So2kPPt0NXob1yNysdjw== n0emis@noemis.me (OLD)"; ## SECRET-DATA - ssh-ed25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcOPtW5FWNIdlMQFoqeyA1vHw+cA8ft8oXSbXPzQNL9 n0emis@n0emis.eu"; ## SECRET-DATA + encrypted-password "$1$DAjLGZX7$sHIjgeZhXhq/IcgRKOWy20"; + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8xqVakxJ+AwcIrS/wyL03N++pE09epwMFlIMXWvlpwwEp1J/0H7nygwxk/9LIZdabs/ETWn0s8oHAkc7YR1c6ajSTCDiZEYATAWt7t8t4Gw/80c8u8T50lIqmiDEEVbOVv3Vta/pAN4hAUp9U5DpYCkQbvF+NKKcK3Yp8d9usNC6ohqgTK+IGAEdMhvpbbNppDMXoWHuynBzUX7TS6ST6yEr0tD+CBbCpbfcMuwTI3lNtfywEVpuFaeHqDZx2QDrEX4bg0dRKgQstbXYdqmBfnOiBpUr8Wyl8U1J24rN+E07pBw/8KDGWbVg19/Ex8o4ht/p5voUfKVjD/DwWXTLntBirjfAgQAm4GH/qP4x3zNiTtlYlQFbXSk6VEVrTrxCB5rTWvGnhg31tk5P3YwvagDmGABazY5s/8tlttSc1yWBctWQJCjxSqcCLekxG4D1rVuGKCKOZgflQ9QFdQlKycInPBek3zi0i3GYkE1YnNFye5ggOnxT8qGuKjfdtZI9qvMJQO8lbEDzbYQvNns1V/k4ZobiihYwrG5TJUzZFEpMYetDK6tI8BRU11d+ja0jWzguj5/7wc0nrr/BiZ8FkAr2fZ60j2aI5kG0s3qjbrQbB/RXaGP9hRU0+480+IokNJJIcjv5iwH5ophdrjC8GH4So2kPPt0NXob1yNysdjw== n0emis@noemis.me (OLD)"; + } + name-server { + 10.42.10.8; + } + login { + user fw { + uid 2000; + class super-user; + authentication { + ssh-rsa "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMTsFE90WT+fvRnIuIBbjLJA2Hyne6duD306+Yg3z9yVTSCQxpFcolEwRQi5X4hsb3WdlW+YtvShXcFVNi7gtgSyIsgT1+YqpR+qIC+/r2h6NeA92dztigpbznOm9oL8vOP45S9fHedJ57E/UosYW2/du4W+6U+xH1ItyQx6AiJAj/RPpLWJz9FhP99Qwp6YiPAkxujgXtOMwX0xFmiQPv9QzBaD9jOKK0vE26IFX5RYAqontVgWGn6EdceR70vTQBcAsFYMS0sc9311H2wBfOptznyIZNInAsppaGNDMdOx9SdMVDZ6GDlOCsLvHq6+ra1jGdlwtgduVQeEpHmmjD"; + } + } } services { ssh; } } +chassis { + alarm { + management-ethernet { + link-down ignore; + } + } +} interfaces { ge-0/0/0 { unit 0 { family ethernet-switching { vlan { - members VL_MGMT; + members VL_OFFICE; + } + } + } + } + ge-0/0/1 { + description Finanzen; + unit 0 { + family ethernet-switching { + port-mode access; + vlan { + members VL_VERWALTUNG; + } + } + } + } + ge-0/0/2 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/3 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/4 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/5 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/6 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/7 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/8 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/9 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/10 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/11 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/12 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/13 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/14 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/15 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/16 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/17 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/18 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/19 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/20 { + unit 0 { + family ethernet-switching { + vlan { + members VL_OFFICE; + } + } + } + } + ge-0/0/21 { + unit 0 { + family ethernet-switching { + vlan { + members VL_SIP; + } + } + } + } + ge-0/0/22 { + description AP; + unit 0 { + family ethernet-switching { + vlan { + members VL_WLAN; + } + } + } + } + ge-0/0/23 { + description DECT; + unit 0 { + family ethernet-switching { + vlan { + members VL_DECT; } } } @@ -63,53 +295,112 @@ protocols { } } ethernet-switching-options { + secure-access-port { + interface ge-0/0/0.0 { + no-dhcp-trusted; + } + interface ge-0/0/1.0 { + no-dhcp-trusted; + } + interface ge-0/0/2.0 { + no-dhcp-trusted; + } + interface ge-0/0/3.0 { + no-dhcp-trusted; + } + interface ge-0/0/4.0 { + no-dhcp-trusted; + } + interface ge-0/0/5.0 { + no-dhcp-trusted; + } + interface ge-0/0/6.0 { + no-dhcp-trusted; + } + interface ge-0/0/7.0 { + no-dhcp-trusted; + } + interface ge-0/0/8.0 { + no-dhcp-trusted; + } + interface ge-0/0/9.0 { + no-dhcp-trusted; + } + interface ge-0/0/10.0 { + no-dhcp-trusted; + } + interface ge-0/0/11.0 { + no-dhcp-trusted; + } + interface ge-0/0/12.0 { + no-dhcp-trusted; + } + interface ge-0/0/13.0 { + no-dhcp-trusted; + } + interface ge-0/0/14.0 { + no-dhcp-trusted; + } + interface ge-0/0/15.0 { + no-dhcp-trusted; + } + interface ge-0/0/16.0 { + no-dhcp-trusted; + } + interface ge-0/0/17.0 { + no-dhcp-trusted; + } + interface ge-0/0/18.0 { + no-dhcp-trusted; + } + interface ge-0/0/19.0 { + no-dhcp-trusted; + } + interface ge-0/0/20.0 { + no-dhcp-trusted; + } + interface ge-0/0/21.0 { + allowed-mac c8:9c:1d:6e:49:de; + no-dhcp-trusted; + } + interface ge-0/0/22.0 { + allowed-mac 18:64:72:c6:ce:40; + no-dhcp-trusted; + } + interface ge-0/0/23.0 { + allowed-mac 00:30:42:1b:8c:7a; + no-dhcp-trusted; + } + interface ge-0/1/3.0 { + dhcp-trusted; + } + } + voip { + interface ge-0/0/23.0 { + vlan VL_DECT; + forwarding-class expedited-forwarding; + } + interface ge-0/0/21.0 { + vlan VL_SIP; + forwarding-class expedited-forwarding; + } + } storm-control { interface all; } } vlans { - VL_MGMT { - vlan-id 42; - l3-interface vlan.42 - } - VL_WLAN { - vlan-id 131; - } VL_DECT { vlan-id 132; } - VL_SIP { - vlan-id 133; - } - VL_IOT { - vlan-id 151; - } - VL_IKT_TOYS { - vlan-id 152; - } - VL_IKT { - vlan-id 201; - } - VL_TECHNIK { - vlan-id 202; - } VL_HOSPITAL { vlan-id 203; } - VL_ZOLL { - vlan-id 204; + VL_IKT { + vlan-id 201; } - VL_LEITSTELLE { - vlan-id 205; - } - VL_VERWALTUNG { - vlan-id 206; - } - VL_ZENTRAL { - vlan-id 207; - } - VL_YOLO { - vlan-id 208; + VL_IKT_TOYS { + vlan-id 152; } VL_INFOJURTE { vlan-id 209; @@ -117,10 +408,46 @@ vlans { VL_INTERNATIONAL { vlan-id 210; } - VL_PROGRAMM { - vlan-id 211; + VL_IOT { + vlan-id 151; + } + VL_LEITSTELLE { + vlan-id 205; + } + VL_MGMT { + vlan-id 42; + l3-interface vlan.42; } VL_OFFICE { vlan-id 212; } + VL_PROGRAMM { + vlan-id 211; + } + VL_SIP { + vlan-id 133; + } + VL_TECHNIK { + vlan-id 202; + } + VL_VERWALTUNG { + vlan-id 206; + } + VL_WLAN { + vlan-id 131; + } + VL_YOLO { + vlan-id 208; + } + VL_ZENTRAL { + vlan-id 207; + } + VL_ZOLL { + vlan-id 204; + } +} +poe { + interface ge-0/0/22; + interface ge-0/0/23; + interface ge-0/0/21; }