The following configuration creates a profile and runs it statically:
* BD-10808.4 # Create upm profile p1 Enable port 1:1 . * BD-10808.4 #run upm profile p1 * BD-10808.4 # show upm history exec 8006 UPM Profile: p1 Event: User Request , Time run: 2006-10-18 11:56:15 Execution Identifier: 8006 Execution Status: Pass Execution Information: 1 # enable cli scripting 2 # set var EVENT.NAME USER-REQUEST 3 # set var EVENT.TIME 1161172575 4 # set var EVENT.PROFILE p1 5 # enable port 1:1
This profile creates and configures EAPS on the edge switch for connecting to the aggregation switch, creates specific VLANs and assigns tags, configures network login, and configures the RADIUS client component on the switch.
#*********************************************** # Last Updated: May 11, 2007 # Tested Devices: SummitX EXOS 12.0 # Description: This profile configures the switch with an EAPs ring, creates specified # vlans, configure network login, RADIUS. #*********************************************** # @MetaDataStart # @ScriptDescription “This is a template for configuring network parameters for edge Summit devices. The profile will configure the listed features: EAPs ring, Network login, 802.1X, vlans, and default routes.” # @VariableFieldLabel “Create EAPs ring? (yes or no)” set var yneaps yes # @VariableFieldLabel “Name of EAPs domain” set var eapsdomain upm-domain # @VariableFieldLabel “Primary port number” set var eapsprimary 23 # @VariableFieldLabel “Secondary port number” set var eapssecondary 24 # @VariableFieldLabel “Name of EAPs control VLAN” set var eapsctrl upm_ctrl # @VariableFieldLabel “Tag for EAPs control VLAN” set var eapsctrltag 4000 # @VariableFieldLabel “Create standard VLANs? (yes or no)” set var ynvlan yes # @VariableFieldLabel “Name of Voice vlan” set var vvoice voice # @VariableFieldLabel “Voice VLAN tag” set var vvoicetag 10 # @VariableFieldLabel “Voice VLAN virtual router” set var vvoicevr vr-default # @VariableFieldLabel “Name of Security Video” set var vidsec vidcam # @VariableFieldLabel “Security Video VLAN tag” set var vidsectag 40 # @VariableFieldLabel “Security Video VLAN virtual router” set var vidsecvr vr-default # @VariableFieldLabel “Name of Data vlan” set var vdata datatraffic # @VariableFieldLabel “Data VLAN tag” set var vdatatag 11 # @VariableFieldLabel “Data VLAN virtual router” set var vdatavr vr-default # @VariableFieldLabel “Enable Network Login? (yes or no)” set var ynnetlogin yes # @VariableFieldLabel “RADIUS Server IP Address” set var radserver 192.168.11.144 # @VariableFieldLabel “RADIUS Client IP Address” set var radclient 192.168.11.221 # @VariableFieldLabel “RADIUS Server Shared Secret” set var radsecret goextreme # @VariableFieldLabel “Network Login port list” set var netloginports 1-20 # @MetaDataEnd ################################## # Start of EAPs Configuration block ################################## if (!$match($yneaps,yes)) then create log message Config_EAPs config eaps config-warnings off create eaps $eapsdomain config eaps $eapsdomain mode transit config eaps $eapsdomain primary port $eapsprimary config eaps $eapsdomain secondary port $eapssecondary create vlan $eapsctrl config $eapsctrl tag $eapsctrltag config $eapsctrl qosprofile qp8 config $eapsctrl add port $eapsprimary tagged config $eapsctrl add port $eapssecondary tagged config eaps $eapsdomain add control vlan $eapsctrl enable eaps enable eaps $eapsdomain else create log message EAPs_Not_Configured endif ############ #VLAN Config ############ if (!$match($ynvlan,yes)) then create log message CreateStandardVLANs create vlan $vvoice vr $vvoicevr config vlan $vvoice tag $vvoicetag config vlan $vvoice add port $eapsprimary tagged config vlan $vvoice add port $eapssecondary tagged config eaps $eapsdomain add protected $vvoice enable lldp ports $netloginports create qosprofile qp5 config vlan $vvoice ipa 192.168.10.221 # create vlan $vidsec vr $vidsecvr config vlan $vidsec tag $vidsectag config vlan $vidsec add port $eapsprimary tagged config vlan $vidsec add port $eapssecondary tagged config eaps $eapsdomain add protected $vidsec config vlan $vidsec ipa 192.168.40.221 # create vlan $vdata vr $vdatavr config vlan $vdata tag $vdatatag config vlan $vdata add port $eapsprimary tagged config vlan $vdata add port $eapssecondary tagged config eaps $eapsdomain add protected $vdata config vlan $vdata ipa 192.168.11.221 # config ipr add default 192.168.11.254 vr vr-default else create log message NoVLANsCreated endif ############ #RADIUS & Netlogin ############ if (!$match($ynnetlogin,yes)) then create log message ConfigNetlogin #configure $vdata ipaddress 192.168.11.221 create vlan nvlan config netlogin vlan nvlan config default del po $netloginports enable netlogin dot1x enable netlogin mac enable netlogin ports $netloginports dot1x mac config netlogin ports $netloginports mode mac-based-vlans config radius netlogin primary server $radserver client-ip $radclient vr VR-Default config radius netlogin primary shared-secret $radsecret enable radius netlogin config netlogin add mac-list 00:19:5B:D3:e8:DD else create log message NoNetlogin endif