wikiv2:ansible_cisco_ips

Configuração de IP e acesso SSH
- ansible
- SW2
- S2
- S3
- S4
- RO1
- R2
Testando o acesso SSH

Configuração de IP e acesso SSH

ansible

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:00:00:01:00 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 192.168.122.16/24 metric 100 brd 192.168.122.255 scope global dynamic ens3
       valid_lft 3401sec preferred_lft 3401sec
    inet6 fe80::250:ff:fe00:100/64 scope link 
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:50:00:00:01:01 brd ff:ff:ff:ff:ff:ff
    altname enp0s4

$ sudo ip link set ens4 up

$ sudo ip addr add 172.16.100.2/24 dev ens4

Ou de forma persistente

$ cat /etc/netplan/00-installer-config.yaml 
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens3:
      dhcp4: true
    ens4:
      dhcp4: no
      addresses:
        - 172.16.100.100/24
  version: 2

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:00:00:01:00 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 192.168.122.16/24 metric 100 brd 192.168.122.255 scope global dynamic ens3
       valid_lft 3256sec preferred_lft 3256sec
    inet6 fe80::250:ff:fe00:100/64 scope link 
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:00:00:01:01 brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    inet 172.16.100.2/24 scope global ens4
       valid_lft forever preferred_lft forever
    inet6 fe80::250:ff:fe00:101/64 scope link 
       valid_lft forever preferred_lft forever

SW2

Switch>enable
Switch#configure terminal
Switch(config)#hostname sw2
sw2(config)#interface vlan 1
sw2(config-if)#ip address 172.16.100.243 255.255.255.0
sw2(config-if)#no shutdown
sw2(config-if)#exit
sw2(config)#ip domain name geanmartins.local
sw2(config)#crypto key generate rsa general-keys modulus 2048
sw2(config)#ip ssh version 2
sw2(config)#line vty 0 4
sw2(config-line)#transport input ssh 
sw2(config-line)#login local 
sw2(config-line)#exit
sw2(config)#username cisco password cisco
sw2(config)#service password-encryption 
sw2(config)#enable secret cisco
sw2(config)#end
sw2#wr

sw2#show ip interface brief 
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up      
GigabitEthernet0/1     unassigned      YES unset  up                    up      
GigabitEthernet0/2     unassigned      YES unset  up                    up      
GigabitEthernet0/3     unassigned      YES unset  up                    up      
GigabitEthernet1/0     unassigned      YES unset  up                    up      
GigabitEthernet1/1     unassigned      YES unset  up                    up      
GigabitEthernet1/2     unassigned      YES unset  up                    up      
GigabitEthernet1/3     unassigned      YES unset  up                    up      
GigabitEthernet2/0     unassigned      YES unset  up                    up      
GigabitEthernet2/1     unassigned      YES unset  up                    up      
GigabitEthernet2/2     unassigned      YES unset  up                    up      
GigabitEthernet2/3     unassigned      YES unset  up                    up      
GigabitEthernet3/0     unassigned      YES unset  up                    up      
GigabitEthernet3/1     unassigned      YES unset  up                    up      
GigabitEthernet3/2     unassigned      YES unset  up                    up      
GigabitEthernet3/3     unassigned      YES unset  up                    up      
Vlan1                  172.16.100.243  YES manual up                    up

sw2#ping 172.16.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/7/13 ms

S2

Switch>enable 
Switch#configure terminal 
Switch(config)#interface vlan 1
Switch(config-if)#ip address 172.16.100.4 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip domain name geanmartins.lab
Switch(config)#crypto key generate rsa general-keys modulus 2048
Switch(config)#ip ssh version 2
Switch(config)#line vty 0 4
Switch(config-line)#transport input ssh
Switch(config-line)#login local
Switch(config-line)#exit
Switch(config)#username cisco password cisco
Switch(config)#service password-encryption
Switch(config)#enable secret cisco
Switch(config)#hostname S2
S2(config)#end
S2#wr

S2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  up                    up      
Ethernet0/1            unassigned      YES unset  up                    up      
Ethernet0/2            unassigned      YES unset  up                    up      
Ethernet0/3            unassigned      YES unset  up                    up      
Ethernet1/0            unassigned      YES unset  up                    up      
Ethernet1/1            unassigned      YES unset  up                    up      
Ethernet1/2            unassigned      YES unset  up                    up      
Ethernet1/3            unassigned      YES unset  up                    up      
Ethernet2/0            unassigned      YES unset  up                    up      
Ethernet2/1            unassigned      YES unset  up                    up      
Ethernet2/2            unassigned      YES unset  up                    up      
Ethernet2/3            unassigned      YES unset  up                    up      
Ethernet3/0            unassigned      YES unset  up                    up      
Ethernet3/1            unassigned      YES unset  up                    up      
Ethernet3/2            unassigned      YES unset  up                    up      
Ethernet3/3            unassigned      YES unset  up                    up      
Vlan1                  172.16.100.4    YES manual up                    up

S2#ping 172.16.100.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

S3

Switch>enable 
Switch#configure terminal 
Switch(config)#interface vlan 1
Switch(config-if)#ip address 172.16.100.5 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip domain name geanmartins.lab
Switch(config)#crypto key generate rsa general-keys modulus 2048
Switch(config)#ip ssh version 2
Switch(config)#line vty 0 4
Switch(config-line)#transport input ssh
Switch(config-line)#login local
Switch(config-line)#exit
Switch(config)#username cisco password cisco
Switch(config)#service password-encryption
Switch(config)#enable secret cisco 
Switch(config)#hostname S3
S3(config)#end
S3#wr

S3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  up                    up      
Ethernet0/1            unassigned      YES unset  up                    up      
Ethernet0/2            unassigned      YES unset  up                    up      
Ethernet0/3            unassigned      YES unset  up                    up      
Ethernet1/0            unassigned      YES unset  up                    up      
Ethernet1/1            unassigned      YES unset  up                    up      
Ethernet1/2            unassigned      YES unset  up                    up      
Ethernet1/3            unassigned      YES unset  up                    up      
Ethernet2/0            unassigned      YES unset  up                    up      
Ethernet2/1            unassigned      YES unset  up                    up      
Ethernet2/2            unassigned      YES unset  up                    up      
Ethernet2/3            unassigned      YES unset  up                    up      
Ethernet3/0            unassigned      YES unset  up                    up      
Ethernet3/1            unassigned      YES unset  up                    up      
Ethernet3/2            unassigned      YES unset  up                    up      
Ethernet3/3            unassigned      YES unset  up                    up      
Vlan1                  172.16.100.5    YES manual up                    up

S3#ping 172.16.100.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

S4

Switch>enable
Switch#configure terminal
Switch(config)#interface vlan 1
Switch(config-if)#ip address 172.16.100.6 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip domain name geanmartins.lab
Switch(config)#crypto key generate rsa general-keys modulus 2048
Switch(config)#ip ssh version 2
Switch(config)#line vty 0 4
Switch(config-line)#transport input ssh
Switch(config-line)#login local
Switch(config-line)#exit
Switch(config)#username cisco password cisco
Switch(config)#service password-encryption
Switch(config)#enable secret cisco
Switch(config)#hostname S4
S4(config)#end
S4#wr

S4#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  up                    up      
Ethernet0/1            unassigned      YES unset  up                    up      
Ethernet0/2            unassigned      YES unset  up                    up      
Ethernet0/3            unassigned      YES unset  up                    up      
Ethernet1/0            unassigned      YES unset  up                    up      
Ethernet1/1            unassigned      YES unset  up                    up      
Ethernet1/2            unassigned      YES unset  up                    up      
Ethernet1/3            unassigned      YES unset  up                    up      
Ethernet2/0            unassigned      YES unset  up                    up      
Ethernet2/1            unassigned      YES unset  up                    up      
Ethernet2/2            unassigned      YES unset  up                    up      
Ethernet2/3            unassigned      YES unset  up                    up      
Ethernet3/0            unassigned      YES unset  up                    up      
Ethernet3/1            unassigned      YES unset  up                    up      
Ethernet3/2            unassigned      YES unset  up                    up      
Ethernet3/3            unassigned      YES unset  up                    up      
Vlan1                  172.16.100.6    YES manual up                    up

S4#ping 172.16.100.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

RO1

Router>enable 
Router#configure terminal
Router(config)#hostname ro1
ro1(config)#interface gigabitEthernet 0/1
ro1(config-if)#ip address 172.16.100.240 255.255.255.0
ro1(config-if)#no shutdown 
ro1(config-if)#exit
ro1(config)#ip domain name geanmartins.local
ro1(config)#crypto key generate rsa general-keys modulus 2048
ro1(config)#ip ssh version 2
ro1(config)#line vty 0 4
ro1(config-line)#transport input ssh 
ro1(config-line)#login local
ro1(config-line)#exit
ro1(config)#username cisco password cisco
ro1(config)#service password-encryption 
ro1(config)#enable secret cisco
ro1(config)#end
ro1#wr

ro1#show ip interface brief 
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES unset  administratively down down    
GigabitEthernet0/1         172.16.100.240  YES manual up                    up      
GigabitEthernet0/2         unassigned      YES unset  administratively down down    
GigabitEthernet0/3         unassigned      YES unset  administratively down down

ro1#ping 172.16.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/18 ms

R2

Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#interface FastEthernet1/0
R2(config-if)#ip address 172.16.100.8 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#ip domain name geanmartins.lab
R2(config)#crypto key generate rsa general-keys modulus 2048
R2(config)#ip ssh version 2
R2(config)#line vty 0 4
R2(config-line)#transport input ssh
R2(config-line)#login local
R2(config-line)#exit
R2(config)#username cisco password cisco
R2(config)#service password-encryption
R2(config)#enable secret cisco
R2(config)#end
R2#wr

R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            unassigned      YES unset  administratively down down    
FastEthernet1/0            172.16.100.8    YES manual up                    up      
FastEthernet2/0            unassigned      YES unset  administratively down down

R2#ping 172.16.100.7
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/13/28 ms

Testando o acesso SSH

$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc cisco@172.16.100.3

Table of Contents

Configuração de IP e acesso SSH

ansible

SW2

S2

S3

S4

RO1

R2

Testando o acesso SSH