123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199 |
- ---
- # This file holds variables relevant to all sites and devices.
- #
- # SNMP variables
- snmp_auth_proto: sha
- snmp_priv_proto: des
- snmp_user: CLEUR
- # Core variables
- core_hsrp_vip_v4_suffix: "254"
- core_hsrp_vip_v6_suffix: "fe"
- core_hsrp_v4_track: "3"
- core_hsrp_v6_track: "5"
- # Base IPv4 Variables
- base_major_net: "10"
- # Base IPv6 Variables
- base_v6_prefix: "2a05:f8c0:2"
- # OSPF Variables
- ospf_pid: "1"
- # IDF Variables
- stretched_idf_id: "252"
- # DHCP variables
- dhcp_servers:
- - 10.100.253.9
- - 10.100.254.9
- # DNS variables
- dns_servers_v6:
- - "2a0f:f8c0:2:64fd::6"
- - "2a0f:f8c0:2:64fe::6"
- search_domains:
- - ciscolive.network
- rdnss_lifetime: "86400"
- # TACACS+ variables
- tacacs_group_name: ISE
- tacacs_host_timeout: "10"
- tacacs_servers:
- - { host: 10.100.253.7 }
- - { host: 10.100.254.7 }
- # Port-channel variables
- port_channels:
- port-channel99: True
- port-channel66: False
- port-channel67: False
- port-channel11: False
- port-channel12: False
- # VMware variables
- cluster_vswitch:
- FlexPod: vSwitch0
- HyperFlex-DC1: vswitch-hx-vm-network
- HyperFlex-DC2: vswitch-hx-vm-network
- # ACL variables
- # TODO: Automate the update of these templates
- v4_acl_name: IPV4-ACL-COMMON_VLAN
- v4_acl_template:
- - remark STANDARD-PERMITS-v1
- - remark HELP-SERVER
- - permit tcp any host 10.100.252.5 eq www
- - permit tcp any host 10.100.253.5 eq www
- - permit tcp any host 10.100.254.5 eq www
- - permit tcp any eq 22 host 10.100.252.5 gt 1024
- - permit tcp any eq 22 host 10.100.253.5 gt 1024
- - permit tcp any eq 22 host 10.100.254.5 gt 1024
- - permit tcp any eq 23 host 10.100.252.5 gt 1024
- - permit tcp any eq 23 host 10.100.253.5 gt 1024
- - permit tcp any eq 23 host 10.100.254.5 gt 1024
- - remark PING-SWEEPER
- - permit icmp any host 10.100.252.5 echo-reply
- - permit icmp any host 10.100.253.5 echo-reply
- - permit icmp any host 10.100.254.5 echo-reply
- - remark PERMIT-DHCP
- - permit udp any any eq bootps
- - remark PERMIT-DNS
- - permit udp any host 10.100.252.6 eq domain
- - permit udp any host 10.100.253.6 eq domain
- - permit udp any host 10.100.254.6 eq domain
- - remark PERMIT-NTP
- - permit udp any host 10.100.253.4 eq ntp
- - permit udp any host 10.100.254.4 eq ntp
- - remark PERMIT-AP-ONBOARDING
- - permit ip any host 10.130.0.7
- - permit ip any host 10.130.0.9
- - remark PERMIT-MULTICAST-v1
- - permit ip any 224.0.0.0 15.255.255.255
- - remark PERMIT-IGMP
- - permit igmp any any
- - remark END-STANDARD-PERMITS-v1
- - remark PERMIT-INTER-VLAN-TRAFFIC-SITEWIDE-v1
- - permit ip 10.2.0.0 0.0.255.255 10.2.0.0 0.0.255.255
- - permit ip 10.3.0.0 0.0.255.255 10.3.0.0 0.0.255.255
- - permit ip 10.7.0.0 0.0.255.255 10.7.0.0 0.0.255.255
- - permit ip 10.16.0.0 0.0.255.255 10.16.0.0 0.0.255.255
- - permit ip 10.17.0.0 0.0.255.255 10.17.0.0 0.0.255.255
- - permit ip 10.18.0.0 0.0.255.255 10.18.0.0 0.0.255.255
- - permit ip 10.19.0.0 0.0.255.255 10.19.0.0 0.0.255.255
- - permit ip 10.20.0.0 0.0.255.255 10.20.0.0 0.0.255.255
- - permit ip 10.21.0.0 0.0.255.255 10.21.0.0 0.0.255.255
- - permit ip 10.22.0.0 0.0.255.255 10.22.0.0 0.0.255.255
- - permit ip 10.23.0.0 0.0.255.255 10.23.0.0 0.0.255.255
- - permit ip 10.24.0.0 0.0.255.255 10.24.0.0 0.0.255.255
- - permit ip 10.25.0.0 0.0.255.255 10.25.0.0 0.0.255.255
- - permit ip 10.32.0.0 0.0.255.255 10.32.0.0 0.0.255.255
- - permit ip 10.33.0.0 0.0.255.255 10.33.0.0 0.0.255.255
- - permit ip 10.34.0.0 0.0.255.255 10.34.0.0 0.0.255.255
- - permit ip 10.35.0.0 0.0.255.255 10.35.0.0 0.0.255.255
- - permit ip 10.36.0.0 0.0.255.255 10.36.0.0 0.0.255.255
- - permit ip 10.38.0.0 0.0.255.255 10.38.0.0 0.0.255.255
- - permit ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
- - permit ip 10.40.0.0 0.0.255.255 10.40.0.0 0.0.255.255
- - permit ip 10.41.0.0 0.0.255.255 10.41.0.0 0.0.255.255
- - permit ip 10.42.0.0 0.0.255.255 10.42.0.0 0.0.255.255
- - permit ip 10.43.0.0 0.0.255.255 10.43.0.0 0.0.255.255
- - permit ip 10.100.0.0 0.0.255.255 10.100.0.0 0.0.255.255
- - permit ip 10.127.0.0 0.0.255.255 10.127.0.0 0.0.255.255
- - remark PERMIT-VLAN16-to-VLAN23-for-LABS
- - permit ip 10.16.0.0 0.0.255.255 10.23.0.0 0.0.255.255
- - permit ip 10.23.0.0 0.0.255.255 10.16.0.0 0.0.255.255
- - remark DENY-INTERNAL-v1
- - deny ip any 10.0.0.0 0.255.255.255
- - deny ip any 172.16.0.0 0.15.255.255
- - deny ip any 192.168.0.0 0.0.255.255
- - remark DENY-INTERNET-FOR-VLAN2-Quarantine-v1
- - deny ip 10.2.0.0 0.0.255.255 any
- - remark PERMIT-INTERNET-v1
- - permit ip any any
- v6_acl_name: IPV6-ACL-COMMON-VLAN
- v6_acl_template:
- - remark ACL-V6
- - remark ACE-V6-STANDARD-PERMITS
- - remark PERMIT-ND
- - permit icmp any any nd-ns
- - permit icmp any any nd-na
- - remark PERMIT-ICMP
- - permit icmp any any router-solicitation
- - permit icmp any any packet-too-big
- - permit icmp any any time-exceeded
- - permit icmp any any echo-reply
- - permit icmp any any echo-request
- - remark PERMIT-DNS CPNR
- - permit udp any host 2a05:f8c0:0002:64fd::6 eq domain
- - permit tcp any host 2a05:f8c0:0002:64fd::6 eq domain
- - permit udp any host 2a05:f8c0:0002:64fd::6a eq domain
- - permit tcp any host 2a05:f8c0:0002:64fd::6a eq domain
- - remark PERMIT-NTP
- - permit udp any host 2a05:f8c0:0002:64fd::04
- - permit udp any host 2a05:f8c0:0002:64fd::68
- - remark PERMIT-MULTICAST
- - permit ipv6 any ff00::/8
- - remark PERMIT-MLD
- - permit icmp any any mld-report
- - permit icmp any any mld-v2-report
- - remark END-STANDARD-PERMITS
- - remark PERMIT-INTER-VLAN-TRAFFIC-SITEWIDE
- - permit ipv6 2a05:f8c0:0002:0200::/56 2a05:f8c0:0002:0200::/56
- - permit ipv6 2a05:f8c0:0002:0300::/56 2a05:f8c0:0002:0300::/56
- - permit ipv6 2a05:f8c0:0002:0700::/56 2a05:f8c0:0002:0700::/56
- - permit ipv6 2a05:f8c0:0002:1000::/56 2a05:f8c0:0002:1000::/56
- - permit ipv6 2a05:f8c0:0002:1100::/56 2a05:f8c0:0002:1100::/56
- - permit ipv6 2a05:f8c0:0002:1200::/56 2a05:f8c0:0002:1200::/56
- - permit ipv6 2a05:f8c0:0002:1300::/56 2a05:f8c0:0002:1300::/56
- - permit ipv6 2a05:f8c0:0002:1400::/56 2a05:f8c0:0002:1400::/56
- - permit ipv6 2a05:f8c0:0002:1500::/56 2a05:f8c0:0002:1500::/56
- - permit ipv6 2a05:f8c0:0002:1600::/56 2a05:f8c0:0002:1600::/56
- - permit ipv6 2a05:f8c0:0002:1700::/56 2a05:f8c0:0002:1700::/56
- - permit ipv6 2a05:f8c0:0002:1800::/56 2a05:f8c0:0002:1800::/56
- - permit ipv6 2a05:f8c0:0002:1900::/56 2a05:f8c0:0002:1900::/56
- - permit ipv6 2a05:f8c0:0002:2000::/56 2a05:f8c0:0002:2000::/56
- - permit ipv6 2a05:f8c0:0002:2100::/56 2a05:f8c0:0002:2100::/56
- - permit ipv6 2a05:f8c0:0002:2200::/56 2a05:f8c0:0002:2200::/56
- - permit ipv6 2a05:f8c0:0002:2300::/56 2a05:f8c0:0002:2300::/56
- - permit ipv6 2a05:f8c0:0002:2400::/56 2a05:f8c0:0002:2400::/56
- - permit ipv6 2a05:f8c0:0002:2600::/56 2a05:f8c0:0002:2600::/56
- - permit ipv6 2a05:f8c0:0002:2700::/56 2a05:f8c0:0002:2700::/56
- - permit ipv6 2a05:f8c0:0002:2800::/56 2a05:f8c0:0002:2800::/56
- - permit ipv6 2a05:f8c0:0002:2900::/56 2a05:f8c0:0002:2900::/56
- - permit ipv6 2a05:f8c0:0002:2a00::/56 2a05:f8c0:0002:2a00::/56
- - permit ipv6 2a05:f8c0:0002:2b00::/56 2a05:f8c0:0002:2b00::/56
- - permit ipv6 2a05:f8c0:0002:6400::/56 2a05:f8c0:0002:6400::/56
- - permit ipv6 2a05:f8c0:0002:7f00::/56 2a05:f8c0:0002:7f00::/56
- - remark remark PERMIT-VLAN16-to-VLAN23-for-LABS
- - permit ipv6 2a05:f8c0:0002:1000::/56 2a05:f8c0:0002:1700::/56
- - permit ipv6 2a05:f8c0:0002:1700::/56 2a05:f8c0:0002:1000::/56
- - remark DENY-INTERNAL
- - deny ipv6 any 2a05:f8c0:0002::/48
- - remark DENY-INTERNET-FOR-VLAN2-Quarantine
- - deny ipv6 2a05:f8c0:0002:0200::/56 any
- - remark ACE-V6-PERMIT-INTERNET
- - permit ipv6 any any
|