Last active
July 10, 2024 05:20
Meraki MS220-8P config without cloud bullshit
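#!/bin/sh
# Configure a Meraki MS220-8P switch completely from scratch, without the cloud.
# See https://leo.leung.xyz/wiki/Meraki_MS220-8P for rooting instructions.
#
# You can keep config and config.local completely empty, but I'd recommend
# adding a configuration which isolates all ports from each other. Without that
# you might get switching loops on bootup (unlikely, since STP takes longer to
# initialize than this script needs to take over, but it just feels cleaner).
#
# Besides the configuration in this script I'd recommend adding a newer busybox
# binary to the system: put busybox-mipsel into /storage, cp it to /bin/busybox
# on init and run /bin/busybox --install.
# NOTE(review): that binary then backs most commands run as root on the switch,
# so take it from a source you trust and compare its checksum before copying it.
#
# Definitive TODO: Figure out how to disable management dhcp client
# Obviously a ton of other TODOs, but all features I really need are reversed by now

# Kill everything except for a few critical services.
# We do not want Meraki's software talking to the cloud.
#
# keep_pattern is matched against the whole ps line, not just the command name,
# so anything whose line contains one of these substrings survives. Check the
# output of ps after a run to confirm that nothing unexpected is left.
keep_pattern='\[|init|syslog|ntpd|watchdog'

# Collect the PIDs first so that ps/grep/awk have exited before anything is
# killed. The awk filter keeps only numeric first fields, which drops the
# "PID" header row that would otherwise be handed to kill.
kill_pids=$(ps | grep -vE "$keep_pattern" | awk '$1 ~ /^[0-9]+$/ { print $1 }')

for pid in $kill_pids; do
  # Never kill the shell that is running this script.
  if [ "$pid" -eq "$$" ]; then
    continue
  fi
  # PIDs of the already finished collection pipeline no longer exist; the
  # resulting "no such process" errors are expected and therefore silenced.
  kill -9 "$pid" 2>/dev/null
done

# NOTE(review): freeze is not a standard tool and its effect is not visible
# from this script -- confirm what "-w" does on this firmware.
freeze -w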
# Management IPv4 address. Fields, in the order the handler expects them:
#   IP  Netmask  Gateway  MTU  Broadcast  VID
printf '%s\n' '192.168.178.254 255.255.255.0 192.168.178.1 1500 192.168.178.255 1' \
  > /click/set_host_ip/run

# Management IPv6 address. Fields:
#   Link-Local  IPv6  Netmask  Gateway  $whatever  VID
# The fifth field is a placeholder; its meaning is unknown.
printf '%s\n' 'fe80::254 fd00::192:168:178:254 64 fd00::192:168:178:1 whatever 1' \
  > /click/set_host_ip6/run

# DNS: the resolver is the same host as the IPv4 gateway. This replaces
# whatever /etc/resolv.conf contained before.
printf '%s\n' 'nameserver 192.168.178.1' > /etc/resolv.conf
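# Re-enable SSH. Password authentication is disabled (dropbear -s), so the
# public key installed below is the only way to log in over the network.
ssh_host_key=/storage/dropbear/dropbear_rsa_host_key
ssh_authorized_keys=/etc/dropbear/authorized_keys

# Warn early if the persistent host key is missing: every other management
# daemon has been killed at this point, so a broken SSH setup probably means
# losing remote access to the switch.
if [ ! -s "$ssh_host_key" ]; then
  echo "warning: $ssh_host_key is missing or empty, SSH will likely not be usable" >&2
fi

# Install the public key before the daemon starts. The value is a placeholder:
# replace it with your own public key line, otherwise nobody can log in.
# The file is made owner-only so that no other account on the switch can read
# or replace the list of keys that grant root access.
printf '%s\n' 'ssh-rsa <foobar> <whatever>' > "$ssh_authorized_keys"
chmod 600 "$ssh_authorized_keys"

# -E log to stderr, -r host key file, -s no password logins, -p listen port.
dropbear -E -r "$ssh_host_key" -s -p 22

# Left disabled on purpose: this would give root a widely known password.
# With -s it is not accepted over SSH; whether another login path (for example
# a serial console) would accept it is not visible here -- TODO confirm.
#echo "root:meraki" | chpasswd

# Let SSH through the filter in front of the management interface.
# NOTE(review): the rule has no source restriction, so port 22 is presumably
# open to every host that can reach the management address. If the filter
# syntax supports a source match, narrow this to the admin network.
printf '%s\n' 'allow tcp dst port 22' > /click/nat/from_sw0_filter/config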
# Switch config
#
# Every write to set_vlan_allports_conf carries the settings for one port:
#   ALLOWED_VLANS:     format unclear, a single VLAN tag seems to work
#   ALLOW_TAGGED_IN:   0/1
#   ALLOW_UNTAGGED_IN: 0/1
#   PVID:              $vlan-id
#   UNTAGGED_VID:      $vlan-id (?)
# Keep in mind that ALLOW_TAGGED_IN/ALLOW_UNTAGGED_IN change which other
# parameters are expected (and may cause errors if left set).
vlan_conf=/click/switch_port_table/set_vlan_allports_conf

# Access ports as port:vlan pairs -- untagged only, two ports per VLAN.
# VLAN 1 is also the VID passed to set_host_ip, so hosts on ports 1 and 2 sit
# in the same VLAN as the management address.
for access in 1:1 2:1 3:2 4:2 5:3 6:3 7:4 8:4; do
  port=${access%%:*}
  vid=${access##*:}
  printf 'PORT %s, ALLOWED_VLANS %s, ALLOW_TAGGED_IN 0, ALLOW_UNTAGGED_IN 1, PVID %s, UNTAGGED_VID %s\n' \
    "$port" "$vid" "$vid" "$vid" > "$vlan_conf"
done

# Trunk ports (the SFP slots): tagged frames only, every VLAN allowed.
# NOTE(review): 1-4094 includes VLAN 1, so the management VLAN is carried on
# the trunk as well; restrict the range if the uplink does not need it.
for port in 9 10; do
  printf 'PORT %s, ALLOWED_VLANS 1-4094, ALLOW_TAGGED_IN 1, ALLOW_UNTAGGED_IN 0\n' \
    "$port" > "$vlan_conf"
done
# Force both SFP slots to 1G full duplex (at least my test modules didn't work
# with auto negotiation).
for sfp_port in 9 10; do
  printf 'PORT %s, MODE forced, FORCE_SPEED 1Gfdx\n' "$sfp_port" \
    > /click/switch_port_table/set_port_phy_cfgs
done

# Link aggregation over ports 9 and 10 (VLAN config is done on the physical
# ports, not on the aggregate).
printf '%s\n' true > /click/switch_port_table/enable_lacp_on_single_ports
printf '%s\n' "AGGR 0, MEMBERS '9,10'" > /click/switch_port_table/add_link_aggr
# NOTE(review): the meaning of "FLAGS rp" is not documented here -- confirm.
printf '%s\n' "AGGR 0, MEMBERS '9,10', FLAGS rp" > /click/switch_port_table/setup_link_aggrs
# Disable CDP (lol): switch it off globally, then on each of the ten ports,
# so the switch stops announcing itself via CDP.
printf '%s\n' false > /click/cdp_source/send_cdp
printf '%s\n' false > /click/cdp_source/active
for i in 1 2 3 4 5 6 7 8 9 10; do
  printf 'PORT %s, ENABLED 0\n' "$i" > /click/cdp_source/active_ports
done
# Setup LLDP: announce the switch as a plain bridge, without the Meraki
# nethash, every 30000 ms.
lldp=/click/lldp_source
printf '%s\n' 'CiscoDisco' > "$lldp/system_name"
printf '%s\n' 'Cisco Meraki MS220-8P' > "$lldp/system_desc"
printf '%s\n' 0 > "$lldp/is_router"
printf '%s\n' 0 > "$lldp/is_ap"
printf '%s\n' 1 > "$lldp/is_bridge"
printf '%s\n' 0 > "$lldp/include_meraki_nethash"
printf '%s\n' 30000 > "$lldp/interval_ms"
printf '%s\n' 1 > "$lldp/send_lldp"

# LLDP is activated on all ten ports, so the system name and model string above
# are visible to every attached device, not only to the uplink. Drop the access
# ports from this list if end hosts should not learn them.
for i in 1 2 3 4 5 6 7 8 9 10; do
  printf 'PORT %s, ACTIVE 1\n' "$i" > "$lldp/active_ports"
done

# Show LLDP neighbours:
# cat /click/switch_table/hosts
# Setup STP. 61440 is the numerically largest bridge priority 802.1D allows,
# which makes this switch the least preferred candidate for root bridge. The
# timer values are the usual 802.1D defaults.
# NOTE(review): nothing in this script enables a root or BPDU guard on the
# access ports, so a device attached there that sends better BPDUs could
# presumably take over as root -- check whether the firmware offers one.
stp_params='PRIORITY 61440, HELLO_TIME 2, FORWARD_DELAY 15, MAX_AGE 20, HOLDCOUNT 6'
printf '%s\n' "$stp_params" > /click/stp/set_params

# Turn the power LED green (and the orange one off) to show the script ran
# through to this point.
printf '%s\n' 1 > /click/sw0_ctrl/power_led_green
printf '%s\n' 0 > /click/sw0_ctrl/power_led_orange

# Cleanup
# NOTE(review): sync_log is presumably a Meraki log helper that is still (or
# again) running at this point -- confirm what it does before relying on this.
killall sync_log