initial commit: vlan filtering

README.md

@@ -0,0 +1,11 @@
+
+wip collection of j2 templates to configure routeros
+
+## opinionated areas
+### interfaces.rsc.j2
+* currently only bridging support
+* you must create an interface of type bridge and assign all members to it.
+* if no pvid is set, no untagged packets are allowed
+* mode tagged-all configures all vlans in site of device and **DOES NOT DISABLE FILTERING**
+* mode tagged configures tagged and or untagged (as you'd expect)
+* mode access restricts to pvid tagged or untagged

interfaces.rsc.j2

@@ -0,0 +1,29 @@
+{%- for bridge in device.interfaces.filter(type="bridge")|list %}
+{%- set brid = bridge.id %}
+{%- set brname = bridge.name %}
+/interface bridge add name={{ brname }} vlan-filtering=yes frame-types=admit-only-vlan-tagged
+{%- for iface in device.interfaces.filter(bridge=brid) %}
+{%- if iface.untagged_vlan or iface.tagged_vlans.exists() or iface.mode=="tagged-all" %}
+/interface bridge port add bridge={{ brname }} interface={{ iface.name }} 
+{%- if iface.untagged_vlan %} pvid={{ iface.untagged_vlan.vid }} {%- endif %}
+{%- if iface.mode == "access" %} frame-types=admit-only-untagged-and-priority-tagged 
+{%- elif iface.mode == "tagged-all" %} frame-types=admit-only-vlan-tagged {%- endif %}
+{%- endif %}
+{%- for ip in iface.ip_addresses.filter(status="active") %}
+/ip address add address={{ ip }} interface={{ iface }}
+{%- endfor %}
+{%- endfor %}
+{%- for v in device.site.vlans.all() %}
+{%- set ift = device.interfaces.filter(tagged_vlans=v,bridge=brid)|list %}
+{%- set ifta = device.interfaces.filter(mode="tagged-all")|list %}
+{%- set iftm = ift|default([]) + ifta|default([]) %}
+{%- set ifu = device.interfaces.filter(untagged_vlan=v,bridge=brid)|list -%}
+{%- if ift or iftm %}
+/interface bridge vlan add bridge={{ brname }} vlan-ids={{ v.vid }}
+{%- if iftm %} tagged={{ iftm|join(",") }}{% endif %}
+{%- if ifu %} untagged={{ ifu|join(",") }}{% endif %}
+{%- endif %}
+{%- endfor %}
+{%- endfor %}
+
+