Steam for Linux

VLAN и настройка сети с пакетом ifupdown2 на AltLinux
Пример конфигурационного файла: cat << EOF >> /etc/network/interfaces
Более подробная информация: https://manpages.debian.org/testing/ifupdown-ng/interfaces-bridge.5.en.html
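# Create the net_admin account with a home directory and bash as its login shell.
useradd -m -s /bin/bash net_admin
# NOTE(review): this password is printed on a public page, so it is known to
# anyone who reads it. Treat it as a lab placeholder and set a unique secret
# before the host is reachable from an untrusted network.
printf '%s\n' 'net_admin:P@ssw0rd' | chpasswd
usermod -aG wheel net_admin
# Write the sudoers drop-in exactly once. The original appended the same rule
# twice with '>>', which leaves duplicate entries and grows on every re-run.
# NOPASSWD: ALL lets net_admin run any command as root without re-entering a
# password, so whoever holds this account's credentials effectively holds root.
printf '%s\n' 'net_admin ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/net_admin
# Drop-ins should be read-only, and a syntax check catches a broken rule
# before it affects sudo for everyone.
chmod 0440 /etc/sudoers.d/net_admin
visudo -cf /etc/sudoers.d/net_admin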

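# Append the static uplink, a VLAN-aware bridge and three VLAN interfaces to
# /etc/network/interfaces, then restart networking and list the addresses.
#
# Fix: the stanza after "auto ens20" said "iface ens19", so ens20 never received
# its access VLAN (213) and ens19 was declared twice. It now reads "iface ens20".
#
# NOTE(review): the last stanza is named vlan813, but bridge-vids lists
# 113 213 99 and its address is in 192.168.99.0/29. Confirm whether the intended
# VLAN id is 99 or 813 and make the interface name and bridge-vids agree.
#
# '>>' appends: running this twice duplicates every stanza, so check the file
# first. The delimiter is quoted so the body is written literally.
cat << 'EOF' >> /etc/network/interfaces

auto ens18
iface ens18 inet static
address 172.16.50.2/28
gateway 172.16.50.1

auto br0
iface br0 inet manual
bridge-ports ens19 ens20
bridge-vlan-aware yes
bridge-vids 113 213 99

auto ens19
iface ens19
bridge-access 113

auto ens20
iface ens20
bridge-access 213

auto vlan113
iface vlan113
vlan-raw-device br0
address 192.168.113.1/29

auto vlan213
iface vlan213
vlan-raw-device br0
address 192.168.213.1/24

auto vlan813
iface vlan813
vlan-raw-device br0
address 192.168.99.1/29
EOF

# Apply the new configuration.
systemctl restart networking.service

# Brief per-interface address listing to verify the result.
ip -br a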

Для работы iptables нужно добавить к интерфейсу: post-down iptables-save > /etc/sysconfig/iptables
pre-up iptables-restore < /etc/sysconfig/iptables
Это нужно, чтобы сохранённые правила iptables не сбрасывались после перезагрузки.

SSH:

# Account used for SSH logins: fixed UID 2026, home directory, bash shell.
useradd --uid 2026 --create-home --shell /bin/bash sshuser
# NOTE(review): the password below is published on this page. Combined with
# password logins over SSH, it gives anyone who can reach the port a known
# credential, so replace it before exposing the host.
printf '%s\n' 'sshuser:P@ssw0rd' | chpasswd

# Packages: sudo for privilege elevation, then the OpenSSH server.
apt-get -y install sudo
apt-get -y install openssh-server

# Reload unit files, then enable sshd at boot and start it now.
systemctl daemon-reload
systemctl enable --now sshd.service

# Pre-login banner text, referenced by the Banner directive in sshd_config.
printf '%s\n' 'Authorized access only' > /etc/openssh/banner.txt
Далее в /etc/openssh/sshd_config укажите следующие параметры и после правки перезапустите sshd (systemctl restart sshd.service):
Port 2013
AllowUsers sshuser
MaxAuthTries 2
Banner /etc/openssh/banner.txt

Через visudo /etc/sudoers.d/sshuser добавьте для sshuser строку: sshuser ALL=(ALL) NOPASSWD: ALL

GRE
Добавьте к настройкам интерфейса на N1 в сторону C:

# Create GRE tunnel gre1 from local 172.16.50.2 to remote 172.16.60.2, TTL 255.
# NOTE(review): plain GRE provides no encryption or peer authentication, so
# anything routed through gre1 is readable on the path between the endpoints.
post-up ip tunnel add gre1 mode gre remote 172.16.60.2 local 172.16.50.2 ttl 255
# Tunnel-side address of this end (192.168.255.0/30).
post-up ip addr add 192.168.255.1/30 dev gre1
# Bring the tunnel interface up.
post-up ip link set gre1 up


Добавьте к настройкам интерфейса на N2 в сторону C:

# Create GRE tunnel gre1 from local 172.16.60.2 to remote 172.16.50.2, TTL 255.
# NOTE(review): plain GRE provides no encryption or peer authentication, so
# anything routed through gre1 is readable on the path between the endpoints.
post-up ip tunnel add gre1 mode gre remote 172.16.50.2 local 172.16.60.2 ttl 255
# Tunnel-side address of this end (192.168.255.0/30).
post-up ip addr add 192.168.255.2/30 dev gre1
# Bring the tunnel interface up.
post-up ip link set gre1 up

FRR:
N1
! Enter configuration mode and open the OSPF router context.
configure terminal
router ospf
! All interfaces are passive by default; gre1 is made active again below.
passive-interface default
! NOTE(review): 192.168.100.0/29 and 192.168.200.0/24 do not match the
! 192.168.113.1/29 and 192.168.213.1/24 addresses given to vlan113/vlan213
! earlier on this page - confirm which networks should be announced.
network 192.168.100.0/29 area 0
network 192.168.200.0/24 area 0
network 192.168.99.0/29 area 0
network 192.168.255.0/30 area 0
exit
interface gre1
no ip ospf passive
! NOTE(review): "ip ospf authentication" with "authentication-key" is simple
! password authentication: the key is carried in clear text in OSPF packets,
! and this key is also published on the page. FRR's message-digest mode
! ("ip ospf authentication message-digest" plus "ip ospf message-digest-key")
! avoids sending the key itself; use a unique key outside the lab.
ip ospf authentication
ip ospf authentication-key P@ssw0rd
end
! Persist the running configuration.
write memory

N2
! Enter configuration mode and open the OSPF router context.
configure terminal
router ospf
! All interfaces are passive by default; gre1 is made active again below.
passive-interface default
network 192.168.3.0/29 area 0
network 192.168.255.0/30 area 0
exit
interface gre1
no ip ospf passive
! NOTE(review): "ip ospf authentication" with "authentication-key" is simple
! password authentication: the key is carried in clear text in OSPF packets,
! and this key is also published on the page. FRR's message-digest mode
! ("ip ospf authentication message-digest" plus "ip ospf message-digest-key")
! avoids sending the key itself; use a unique key outside the lab.
ip ospf authentication
ip ospf authentication-key P@ssw0rd
end
! Persist the running configuration.
write memory



DHCP
# Install dnsmasq (no -y here, so apt-get asks for confirmation).
apt-get install dnsmasq
# Keep the packaged configuration as a reference copy before replacing it.
cp -- /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
# Reset the live config to a single empty line; the settings are added next.
printf '\n' > /etc/dnsmasq.conf
# Serve DHCP on the vlan213 interface only.
interface=vlan213
# Dynamic pool 192.168.213.3 - 192.168.213.254, leases valid for one hour.
dhcp-range=192.168.213.3,192.168.213.254,1h
# DHCP option 1: subnet mask.
dhcp-option=1,255.255.255.0
# DHCP option 3: default gateway handed to clients.
dhcp-option=3,192.168.213.1
# DHCP option 6: DNS server handed to clients.
dhcp-option=6,192.168.113.2
domain=au-team.irpo
# Fixed lease: this MAC address always receives 192.168.213.2.
dhcp-host=0c:6f:7f:66:00:00,192.168.213.2
Проверка: cat /var/lib/misc/dnsmasq.leases


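# DNS service: listen on 192.168.113.2 and forward other queries to 8.8.8.8.
listen-address=192.168.113.2
server=8.8.8.8

# Forward (address=) and reverse (ptr-record=) entries. A PTR name is the
# address with its octets reversed, so each one is derived from the address=
# line above it. The original PTR names (2.1.16.172, 2.100.168.192,
# 2.200.168.192) pointed at addresses that are not used on this page.
address=/hq-rtr.au-team.irpo/172.16.50.2
ptr-record=2.50.16.172.in-addr.arpa,hq-rtr.au-team.irpo

address=/br-rtr.au-team.irpo/172.16.60.2

address=/hq-srv.au-team.irpo/192.168.113.2
ptr-record=2.113.168.192.in-addr.arpa,hq-srv.au-team.irpo

# The original repeated hq-srv here; 192.168.213.2 is the address reserved by
# dhcp-host and the PTR record names hq-cli, so the forward name is hq-cli.
address=/hq-cli.au-team.irpo/192.168.213.2
ptr-record=2.213.168.192.in-addr.arpa,hq-cli.au-team.irpo

address=/br-srv.au-team.irpo/192.168.3.2

address=/docker.au-team.irpo/172.16.1.1
address=/web.au-team.irpo/172.16.2.1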


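# Set the system time zone. Time zone names use a forward slash
# (Region/City); the original 'Europe\Moscow' is not a valid zone name.
timedatectl set-timezone 'Europe/Moscow'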
Э-э... они публикуют здесь на открытом канале, но, возможно, я не понимаю постановку вопроса. (Переводчик машинок)
He is not Russian (who wrote the post; some fancy westerner using a translator to pretend he's Russian) and DO NOT run it.

He's opening your linux to SSH attacks, via user/password he gave...

PS: I repeat, some stupid westerner pretending to be Russian, to open a backdoor on your machine!

PPS: next time, don't be stupid. Russians do not write using western alphabet, EVEN on linux... Axaxaxaxa

PPPS: moderator, please check whose alt this is, and ban his main account please!
Подготовка к демо?:cleanfloppy::cleanfloppy::cleanfloppy: