MarcusCom
/
ciscolive


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191
							---
# This file holds variables relevant to all sites and devices.
#

# SNMP variables
snmp_auth_proto: sha
snmp_priv_proto: des
snmp_user: CLEUR

# Core variables
core_hsrp_vip_v4_suffix: "254"
core_hsrp_vip_v6_suffix: "fe"
core_hsrp_v4_track: "3"
core_hsrp_v6_track: "5"

# Base IPv4 Variables
base_major_net: "10"

# Base IPv6 Variables
base_v6_prefix: "2a05:f8c0:2"

# OSPF Variables
ospf_pid: "1"

# IDF Variables
stretched_idf_id: "252"

# DHCP variables
dhcp_servers:
  - 10.100.253.9
  - 10.100.254.9

# TACACS+ variables
tacacs_group_name: ISE
tacacs_host_timeout: "10"
tacacs_servers:
    - { host: 10.100.253.7 }
    - { host: 10.100.254.7 }

# Port-channel variables
port_channels:
  port-channel99: True
  port-channel66: False
  port-channel67: False
  port-channel11: False
  port-channel12: False

# VMware variables
cluster_vswitch:
  FlexPod: vSwitch0
  HyperFlex-DC1: vswitch-hx-vm-network
  HyperFlex-DC2: vswitch-hx-vm-network

# ACL variables
# TODO: Automate the update of these templates
v4_acl_name: IPV4-ACL-COMMON_VLAN
v4_acl_template:
  -  remark STANDARD-PERMITS-v1
  -  remark HELP-SERVER
  -  permit tcp any host 10.100.252.5 eq www
  -  permit tcp any host 10.100.253.5 eq www
  -  permit tcp any host 10.100.254.5 eq www
  -  permit tcp any eq 22 host 10.100.252.5 gt 1024
  -  permit tcp any eq 22 host 10.100.253.5 gt 1024
  -  permit tcp any eq 22 host 10.100.254.5 gt 1024
  -  permit tcp any eq 23 host 10.100.252.5 gt 1024
  -  permit tcp any eq 23 host 10.100.253.5 gt 1024
  -  permit tcp any eq 23 host 10.100.254.5 gt 1024
  -  remark PING-SWEEPER
  -  permit icmp any host 10.100.252.5 echo-reply
  -  permit icmp any host 10.100.253.5 echo-reply
  -  permit icmp any host 10.100.254.5 echo-reply
  -  remark PERMIT-DHCP
  -  permit udp any any eq bootps
  -  remark PERMIT-DNS
  -  permit udp any host 10.100.252.6 eq domain
  -  permit udp any host 10.100.253.6 eq domain
  -  permit udp any host 10.100.254.6 eq domain
  -  remark PERMIT-NTP
  -  permit udp any host 10.100.253.4 eq ntp
  -  permit udp any host 10.100.254.4 eq ntp
  -  remark PERMIT-AP-ONBOARDING
  -  permit ip any host 10.130.0.7
  -  permit ip any host 10.130.0.9
  -  remark PERMIT-MULTICAST-v1
  -  permit ip any 224.0.0.0 15.255.255.255
  -  remark PERMIT-IGMP
  -  permit igmp any any
  -  remark END-STANDARD-PERMITS-v1
  -  remark PERMIT-INTER-VLAN-TRAFFIC-SITEWIDE-v1
  -  permit ip 10.2.0.0 0.0.255.255 10.2.0.0 0.0.255.255
  -  permit ip 10.3.0.0 0.0.255.255 10.3.0.0 0.0.255.255
  -  permit ip 10.7.0.0 0.0.255.255 10.7.0.0 0.0.255.255
  -  permit ip 10.16.0.0 0.0.255.255 10.16.0.0 0.0.255.255
  -  permit ip 10.17.0.0 0.0.255.255 10.17.0.0 0.0.255.255
  -  permit ip 10.18.0.0 0.0.255.255 10.18.0.0 0.0.255.255
  -  permit ip 10.19.0.0 0.0.255.255 10.19.0.0 0.0.255.255
  -  permit ip 10.20.0.0 0.0.255.255 10.20.0.0 0.0.255.255
  -  permit ip 10.21.0.0 0.0.255.255 10.21.0.0 0.0.255.255
  -  permit ip 10.22.0.0 0.0.255.255 10.22.0.0 0.0.255.255
  -  permit ip 10.23.0.0 0.0.255.255 10.23.0.0 0.0.255.255
  -  permit ip 10.24.0.0 0.0.255.255 10.24.0.0 0.0.255.255
  -  permit ip 10.25.0.0 0.0.255.255 10.25.0.0 0.0.255.255
  -  permit ip 10.32.0.0 0.0.255.255 10.32.0.0 0.0.255.255
  -  permit ip 10.33.0.0 0.0.255.255 10.33.0.0 0.0.255.255
  -  permit ip 10.34.0.0 0.0.255.255 10.34.0.0 0.0.255.255
  -  permit ip 10.35.0.0 0.0.255.255 10.35.0.0 0.0.255.255
  -  permit ip 10.36.0.0 0.0.255.255 10.36.0.0 0.0.255.255
  -  permit ip 10.38.0.0 0.0.255.255 10.38.0.0 0.0.255.255
  -  permit ip 10.39.0.0 0.0.255.255 10.39.0.0 0.0.255.255
  -  permit ip 10.40.0.0 0.0.255.255 10.40.0.0 0.0.255.255
  -  permit ip 10.41.0.0 0.0.255.255 10.41.0.0 0.0.255.255
  -  permit ip 10.42.0.0 0.0.255.255 10.42.0.0 0.0.255.255
  -  permit ip 10.43.0.0 0.0.255.255 10.43.0.0 0.0.255.255
  -  permit ip 10.100.0.0 0.0.255.255 10.100.0.0 0.0.255.255
  -  permit ip 10.127.0.0 0.0.255.255 10.127.0.0 0.0.255.255
  -  remark PERMIT-VLAN16-to-VLAN23-for-LABS
  -  permit ip 10.16.0.0 0.0.255.255 10.23.0.0 0.0.255.255
  -  permit ip 10.23.0.0 0.0.255.255 10.16.0.0 0.0.255.255
  -  remark DENY-INTERNAL-v1
  -  deny   ip any 10.0.0.0 0.255.255.255
  -  deny   ip any 172.16.0.0 0.15.255.255
  -  deny   ip any 192.168.0.0 0.0.255.255
  -  remark DENY-INTERNET-FOR-VLAN2-Quarantine-v1
  -  deny   ip 10.2.0.0 0.0.255.255 any
  -  remark PERMIT-INTERNET-v1
  -  permit ip any any

v6_acl_name: IPV6-ACL-COMMON-VLAN
v6_acl_template:
  -  remark ACL-V6
  -  remark ACE-V6-STANDARD-PERMITS
  -  remark PERMIT-ND
  -  permit icmp any any nd-ns
  -  permit icmp any any nd-na
  -  remark PERMIT-ICMP
  -  permit icmp any any router-solicitation
  -  permit icmp any any packet-too-big
  -  permit icmp any any time-exceeded
  -  permit icmp any any echo-reply
  -  permit icmp any any echo-request
  -  remark PERMIT-DNS CPNR
  -  permit udp any host 2a05:f8c0:0002:64fd::6 eq domain
  -  permit tcp any host 2a05:f8c0:0002:64fd::6 eq domain
  -  permit udp any host 2a05:f8c0:0002:64fd::6a eq domain
  -  permit tcp any host 2a05:f8c0:0002:64fd::6a eq domain
  -  remark PERMIT-NTP
  -  permit udp any host 2a05:f8c0:0002:64fd::04
  -  permit udp any host 2a05:f8c0:0002:64fd::68
  -  remark PERMIT-MULTICAST
  -  permit ipv6 any ff00::/8
  -  remark PERMIT-MLD
  -  permit icmp any any mld-report
  -  permit icmp any any mld-v2-report
  -  remark END-STANDARD-PERMITS
  -  remark PERMIT-INTER-VLAN-TRAFFIC-SITEWIDE
  -  permit ipv6 2a05:f8c0:0002:0200::/56 2a05:f8c0:0002:0200::/56
  -  permit ipv6 2a05:f8c0:0002:0300::/56 2a05:f8c0:0002:0300::/56
  -  permit ipv6 2a05:f8c0:0002:0700::/56 2a05:f8c0:0002:0700::/56
  -  permit ipv6 2a05:f8c0:0002:1000::/56 2a05:f8c0:0002:1000::/56
  -  permit ipv6 2a05:f8c0:0002:1100::/56 2a05:f8c0:0002:1100::/56
  -  permit ipv6 2a05:f8c0:0002:1200::/56 2a05:f8c0:0002:1200::/56
  -  permit ipv6 2a05:f8c0:0002:1300::/56 2a05:f8c0:0002:1300::/56
  -  permit ipv6 2a05:f8c0:0002:1400::/56 2a05:f8c0:0002:1400::/56
  -  permit ipv6 2a05:f8c0:0002:1500::/56 2a05:f8c0:0002:1500::/56
  -  permit ipv6 2a05:f8c0:0002:1600::/56 2a05:f8c0:0002:1600::/56
  -  permit ipv6 2a05:f8c0:0002:1700::/56 2a05:f8c0:0002:1700::/56
  -  permit ipv6 2a05:f8c0:0002:1800::/56 2a05:f8c0:0002:1800::/56
  -  permit ipv6 2a05:f8c0:0002:1900::/56 2a05:f8c0:0002:1900::/56
  -  permit ipv6 2a05:f8c0:0002:2000::/56 2a05:f8c0:0002:2000::/56
  -  permit ipv6 2a05:f8c0:0002:2100::/56 2a05:f8c0:0002:2100::/56
  -  permit ipv6 2a05:f8c0:0002:2200::/56 2a05:f8c0:0002:2200::/56
  -  permit ipv6 2a05:f8c0:0002:2300::/56 2a05:f8c0:0002:2300::/56
  -  permit ipv6 2a05:f8c0:0002:2400::/56 2a05:f8c0:0002:2400::/56
  -  permit ipv6 2a05:f8c0:0002:2600::/56 2a05:f8c0:0002:2600::/56
  -  permit ipv6 2a05:f8c0:0002:2700::/56 2a05:f8c0:0002:2700::/56
  -  permit ipv6 2a05:f8c0:0002:2800::/56 2a05:f8c0:0002:2800::/56
  -  permit ipv6 2a05:f8c0:0002:2900::/56 2a05:f8c0:0002:2900::/56
  -  permit ipv6 2a05:f8c0:0002:2a00::/56 2a05:f8c0:0002:2a00::/56
  -  permit ipv6 2a05:f8c0:0002:2b00::/56 2a05:f8c0:0002:2b00::/56
  -  permit ipv6 2a05:f8c0:0002:6400::/56 2a05:f8c0:0002:6400::/56
  -  permit ipv6 2a05:f8c0:0002:7f00::/56 2a05:f8c0:0002:7f00::/56
  -  remark remark PERMIT-VLAN16-to-VLAN23-for-LABS
  -  permit ipv6 2a05:f8c0:0002:1000::/56 2a05:f8c0:0002:1700::/56
  -  permit ipv6 2a05:f8c0:0002:1700::/56 2a05:f8c0:0002:1000::/56
  -  remark DENY-INTERNAL
  -  deny ipv6 any 2a05:f8c0:0002::/48
  -  remark DENY-INTERNET-FOR-VLAN2-Quarantine
  -  deny ipv6 2a05:f8c0:0002:0200::/56 any
  -  remark ACE-V6-PERMIT-INTERNET
  -  permit ipv6 any any