====== Ansible Cisco - VLANs ======

===== Criando a role =====

<code bash>
# cd /etc/ansible/roles/
# mkdir -p vlans/tasks
</code>

<file yaml main.yaml>
# vim vlans/tasks/main.yaml
---
- name: Configuration du VLAN 10 et 20 sur les switchs
  ios_vlans:
    config:
    - name: Vlan_10
      vlan_id: 10
      state: active
      shutdown: disabled
      
    - name: Vlan_20
      vlan_id: 20
      state: active
      shutdown: enabled

    - name: Vlan_30
      vlan_id: 30
      state: active
      shutdown: disabled
    state: merged

- name: Affectation des vlans aux interfaces
  ios_l2_interfaces:
    config:
    - name: Ethernet4/0
      mode: access
      access:
        vlan: 10

    - name: Ethernet4/1
      mode: access
      access:
        vlan: 10

    - name: Ethernet4/2
      mode: access
      access:
        vlan: 10

    - name: Ethernet4/3
      mode: access
      access:
        vlan: 10

    - name: Ethernet7/0
      mode: trunk
      trunk:
        allowed_vlans: 10,30,40
        encapsulation: dot1q

    - name: Ethernet7/1
      mode: trunk
      trunk:
        allowed_vlans: 10,30,40
        encapsulation: dot1q

    - name: Ethernet5/1
      mode: access
      access:
        vlan: 20

    - name: Ethernet6/0-3
      mode: access
      access:
        vlan: 30   
    state: merged  
    
- name: Configuration de  la default gateway sur les switchs
  ios_config:
    lines: ip default-gateway 172.16.100.7

- name: Configuration de la security des ports
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet4/0

- name: Configuration de la security du port Ethernet4/1
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet4/1

- name: Configuration de la security du port Ethernet4/2
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet4/2

- name: Configuration de la security du port Ethernet4/3
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet4/3


- name: Configuration de la security du port Ethernet5/0
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet5/0

- name: Configuration de la security du port Ethernet5/1
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet5/1

- name: Configuration de la security du port Ethernet5/2
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet5/2

- name: Configuration de la security du port Ethernet5/3
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet5/3             

- name: Configuration de la security du port Ethernet6/0
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet6/0

- name: Configuration de la security du port Ethernet6/1
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet6/1
</file>

===== Criando a plybook =====
<file yaml playbook_vlans.yaml >
# vim playbook_vlans.yaml 
---
- name: Configuration de base des routeurs et switchs cisco
  hosts: switchs
  gather_facts: false

  pre_tasks:
  - debug:
      msg: 'Debut de la configuration.'

  roles:
  - vlans

  post_tasks:
  - debug:
      msg: 'Hosts configures.'
</file>

===== Referências =====
  - [[https://docs.ansible.com/ansible/latest/collections/cisco/ios/ios_l2_interfaces_module.html#ansible-collections-cisco-ios-ios-l2-interfaces-module|cisco.ios.ios_l2_interfaces module]]