Sample Static Profiles

The following configuration creates a profile and runs it statically:

* BD-10808.4 # Create upm profile p1
Enable port 1:1
.
* BD-10808.4 #run upm profile p1
* BD-10808.4 # show upm history exec 8006
UPM Profile: p1
Event:  User Request    , Time run: 2006-10-18 11:56:15
Execution Identifier: 8006      Execution Status: Pass
Execution Information:
1 # enable cli scripting
2 # set var EVENT.NAME USER-REQUEST
3 # set var EVENT.TIME 1161172575
4 # set var EVENT.PROFILE p1
5 # enable port 1:1

This profile creates and configures EAPS on the edge switch for connecting to the aggregation switch, creates specific VLANs and assigns tags, configures network login, and configures the RADIUS client component on the switch.

#***********************************************
# Last Updated: May 11, 2007
# Tested Devices: SummitX EXOS 12.0
# Description: This profile configures the switch with an EAPs ring, creates specified
# vlans, configure network login, RADIUS.
#***********************************************
# @MetaDataStart
# @ScriptDescription “This is a template for configuring network parameters for edge Summit devices.  The profile will configure the listed features:  EAPs ring, Network login, 802.1X, vlans, and default routes.”
# @VariableFieldLabel “Create EAPs ring? (yes or no)”
set var yneaps yes
# @VariableFieldLabel “Name of EAPs domain”
set var eapsdomain upm-domain
# @VariableFieldLabel “Primary port number”
set var eapsprimary 23
# @VariableFieldLabel “Secondary port number”
set var eapssecondary 24
# @VariableFieldLabel “Name of EAPs control VLAN”
set var eapsctrl upm_ctrl
# @VariableFieldLabel “Tag for EAPs control VLAN”
set var eapsctrltag 4000
# @VariableFieldLabel “Create standard VLANs? (yes or no)”
set var ynvlan yes
# @VariableFieldLabel “Name of Voice vlan”
set var vvoice voice
# @VariableFieldLabel “Voice VLAN tag”
set var vvoicetag 10
# @VariableFieldLabel “Voice VLAN virtual router”
set var vvoicevr vr-default
# @VariableFieldLabel “Name of Security Video”
set var vidsec vidcam
# @VariableFieldLabel “Security Video VLAN tag”
set var vidsectag 40
# @VariableFieldLabel “Security Video VLAN virtual router”
set var vidsecvr vr-default
# @VariableFieldLabel “Name of Data vlan”
set var vdata datatraffic
# @VariableFieldLabel “Data VLAN tag”
set var vdatatag 11
# @VariableFieldLabel “Data VLAN virtual router”
set var vdatavr vr-default
# @VariableFieldLabel “Enable Network Login? (yes or no)”
set var ynnetlogin yes
# @VariableFieldLabel “RADIUS Server IP Address”
set var radserver 192.168.11.144
# @VariableFieldLabel “RADIUS Client IP Address”
set var radclient 192.168.11.221
# @VariableFieldLabel “RADIUS Server Shared Secret”
set var radsecret goextreme
# @VariableFieldLabel “Network Login port list”
set var netloginports 1-20
# @MetaDataEnd
##################################
# Start of EAPs Configuration block
##################################
if (!$match($yneaps,yes)) then
create log message Config_EAPs
config eaps config-warnings off
create eaps $eapsdomain
config eaps $eapsdomain mode transit
config eaps $eapsdomain primary port $eapsprimary
config eaps $eapsdomain secondary port $eapssecondary
create vlan $eapsctrl
config $eapsctrl tag $eapsctrltag
config $eapsctrl qosprofile qp8
config $eapsctrl add port $eapsprimary tagged
config $eapsctrl add port $eapssecondary tagged
config eaps $eapsdomain add control vlan $eapsctrl
enable eaps
enable eaps $eapsdomain
else
create log message EAPs_Not_Configured
endif
############
#VLAN Config
############
if (!$match($ynvlan,yes)) then
create log message CreateStandardVLANs
create vlan $vvoice vr $vvoicevr
config vlan $vvoice tag $vvoicetag
config vlan $vvoice add port $eapsprimary tagged
config vlan $vvoice add port $eapssecondary tagged
config eaps $eapsdomain add protected $vvoice
enable lldp ports $netloginports
create qosprofile qp5
config vlan $vvoice ipa 192.168.10.221
#
create vlan $vidsec vr $vidsecvr
config vlan $vidsec tag $vidsectag
config vlan $vidsec add port $eapsprimary tagged
config vlan $vidsec add port $eapssecondary tagged
config eaps $eapsdomain add protected $vidsec
config vlan $vidsec ipa 192.168.40.221
#
create vlan $vdata vr $vdatavr
config vlan $vdata tag $vdatatag
config vlan $vdata add port $eapsprimary tagged
config vlan $vdata add port $eapssecondary tagged
config eaps $eapsdomain add protected $vdata
config vlan $vdata ipa 192.168.11.221
#  config ipr add default 192.168.11.254 vr vr-default
else
create log message NoVLANsCreated
endif
############
#RADIUS & Netlogin
############
if (!$match($ynnetlogin,yes)) then
create log message ConfigNetlogin
#configure $vdata ipaddress 192.168.11.221
create vlan nvlan
config netlogin vlan nvlan
config default del po $netloginports
enable netlogin dot1x
enable netlogin mac
enable netlogin ports $netloginports dot1x mac
config netlogin ports $netloginports mode mac-based-vlans
config radius netlogin primary server $radserver client-ip $radclient vr VR-Default
config radius netlogin primary shared-secret $radsecret
enable radius netlogin
config netlogin add mac-list 00:19:5B:D3:e8:DD
else
create log message NoNetlogin
endif