Ansible Cisco - Criando role conf_base

# cd roles/
# ansible-galaxy init conf_base
- Role conf_base was created successfully

# ls
conf_base

# cd conf_base/
# tree
.
├── README.md
├── defaults
│   └── main.yml
├── files
├── handlers
│   └── main.yml
├── meta
│   └── main.yml
├── tasks
│   └── main.yml
├── templates
├── tests
│   ├── inventory
│   └── test.yml
└── vars
    └── main.yml
 
8 directories, 8 files

# rm -rf defaults files handlers meta templates tests vars
# ls
README.md  tasks

main.yml

# cat conf_base/tasks/main.yml 
---
- name: Configuration du nom des hotes
  ios_config:
    lines: hostname {{ inventory_hostname }}

- name: configuration du nom de domaine
  ios_system:  
    domain_name: geanmartins.local

- name: configure DNS lookup sources
  ios_system:
    lookup_enabled: yes

- name: Configure banner
  ios_banner:
    banner: motd
    text: "ACCESS NON AUTORISE !! Ce routeur est la propriete de GEANMARTINS"
    state: present

- name: Configure the login banner
  ios_banner:
    banner: login
    text: |
      Bannier du login
      Veuillez vous authentifier
      SVP
    state: present

- name: Configurer les utilisateurs
  ios_config:
    lines: 
    - username admin password admin

- name: mot de passe enbale
  ios_config:
    lines: 
    - enable secret cisco

- name: crypter les passwords
  ios_config:
    lines: 
    - service password-encryption

- name: creer une clef ssh
  ios_config:
    lines: 
    - crypto key generate rsa general-keys modulus 2048

- name: configurer ssh version 2
  ios_config:
    lines: 
    - ip ssh version 2

- name: limiter les connexions ssh
  ios_config:
    lines: 
    - ip ssh logging events
    - ip ssh time-out 60
    - ip ssh authentication-retries 3

- name: Configurer les ACLs
  ios_config:
    lines: 
    - permit tcp 172.16.100.0 0.0.0.255 any log
    parents: ip access-list extended VTY-ACL
    match: strict
    replace: block

- name: reapplication de VTY-ACL sur les ligne 0 4
  ios_config:
    lines:
    - access-class VTY-ACL in
    parents: line vty 0 4

- name: Sauvegarde de la configuration
  ios_config:
    save_when: changed

playbook.yaml

# cat playbook.yaml 
---
- name: configuration de base des routeurs et switchs cisco
  hosts: all
  gather_facts: false

  pre_tasks:
  - debug:
      msg: 'Debut de la configuration'

  roles:
  - conf_base

  post_tasks:
  - debug:
      msg: 'hosts configures'

# ansible-playbook playbook.yaml -u cisco -k
SSH password: 
 
PLAY [configuration de base des routeurs et switchs cisco] ***********************************************************************************************************
 
TASK [debug] *********************************************************************************************************************************************************
ok: [sw1] => {
    "msg": "Debut de la configuration"
}
ok: [ro1] => {
    "msg": "Debut de la configuration"
}
ok: [sw3] => {
    "msg": "Debut de la configuration"
}
ok: [sw4] => {
    "msg": "Debut de la configuration"
}
ok: [sw2] => {
    "msg": "Debut de la configuration"
}
ok: [ro2] => {
    "msg": "Debut de la configuration"
}
 
TASK [conf_base : Configuration du nom des hotes] ********************************************************************************************************************
[WARNING]: To ensure idempotency and correct diff the input configuration lines should be similar to how they appear if present in the running configuration on
device
changed: [sw1]
changed: [sw3]
changed: [sw4]
changed: [sw2]
changed: [ro1]
changed: [ro2]
 
TASK [conf_base : configuration du nom de domaine] *******************************************************************************************************************
changed: [sw1]
changed: [sw4]
changed: [sw3]
changed: [sw2]
changed: [ro1]
changed: [ro2]
 
TASK [conf_base : configure DNS lookup sources] **********************************************************************************************************************
ok: [sw1]
ok: [sw3]
ok: [sw4]
ok: [sw2]
ok: [ro1]
ok: [ro2]
 
TASK [conf_base : Configure banner] **********************************************************************************************************************************
changed: [sw3]
changed: [sw1]
changed: [sw2]
changed: [sw4]
changed: [ro1]
changed: [ro2]
 
TASK [conf_base : Configure the login banner] ************************************************************************************************************************
changed: [sw1]
changed: [sw4]
changed: [sw2]
changed: [sw3]
changed: [ro1]
changed: [ro2]
 
TASK [conf_base : Configurer les utilisateurs] ***********************************************************************************************************************
changed: [sw1]
changed: [sw2]
changed: [sw4]
changed: [sw3]
changed: [ro1]
changed: [ro2]
 
TASK [conf_base : mot de passe enbale] *******************************************************************************************************************************
changed: [sw1]
changed: [sw3]
changed: [sw2]
changed: [sw4]
changed: [ro1]
changed: [ro2]
 
TASK [conf_base : crypter les passwords] *****************************************************************************************************************************
ok: [sw1]
ok: [sw4]
ok: [sw3]
ok: [sw2]
ok: [ro1]
ok: [ro2]
 
TASK [conf_base : creer une clef ssh] ********************************************************************************************************************************
changed: [sw1]
changed: [sw3]
changed: [sw2]
changed: [sw4]
changed: [ro1]
changed: [ro2]
 
TASK [conf_base : configurer ssh version 2] **************************************************************************************************************************
ok: [sw1]
ok: [sw2]
ok: [sw3]
ok: [sw4]
ok: [ro1]
ok: [ro2]
 
TASK [conf_base : limiter les connexions ssh] ************************************************************************************************************************
changed: [sw1]
changed: [sw2]
changed: [sw4]
changed: [sw3]
changed: [ro1]
changed: [ro2]
 
TASK [conf_base : Configurer les ACLs] *******************************************************************************************************************************
changed: [sw1]
changed: [sw4]
changed: [sw2]
changed: [sw3]
changed: [ro1]
changed: [ro2]
 
TASK [conf_base : reapplication de VTY-ACL sur les ligne 0 4] ********************************************************************************************************
changed: [sw1]
changed: [sw2]
changed: [sw4]
changed: [sw3]
changed: [ro1]
changed: [ro2]
 
TASK [conf_base : Sauvegarde de la configuration] ********************************************************************************************************************
ok: [sw1]
ok: [ro1]
ok: [sw2]
ok: [sw4]
ok: [sw3]
ok: [ro2]
 
TASK [debug] *********************************************************************************************************************************************************
ok: [sw1] => {
    "msg": "hosts configures"
}
ok: [sw4] => {
    "msg": "hosts configures"
}
ok: [sw2] => {
    "msg": "hosts configures"
}
ok: [sw3] => {
    "msg": "hosts configures"
}
ok: [ro1] => {
    "msg": "hosts configures"
}
ok: [ro2] => {
    "msg": "hosts configures"
}
 
PLAY RECAP ***********************************************************************************************************************************************************
ro1                        : ok=16   changed=10   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
ro2                        : ok=16   changed=10   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
sw1                        : ok=16   changed=10   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
sw2                        : ok=16   changed=10   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
sw3                        : ok=16   changed=10   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
sw4                        : ok=16   changed=10   unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

# ssh cisco@sw1
 
Bannier du login
Veuillez vous authentifier
SVP
(cisco@sw1) Password: 
 
ACCESS NON AUTORISE !! Ce routeur est la propriete de GEANMARTINS

# ansible sw1 -m cisco.ios.ios_command -a "commands='show version'" -u cisco -k
SSH password: 
sw1 | SUCCESS => {
    "changed": false,
    "stdout": [
        "Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20190423)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to  V152_6_0_81_E\nTechnical Support: http://www.cisco.com/techsupport\nCopyright (c) 1986-2019 by Cisco Systems, Inc.\nCompiled Tue 23-Apr-19 02:38 by mmen\n\nROM: Bootstrap program is Linux\n\nsw1 uptime is 5 hours, 27 minutes\nSystem returned to ROM by reload at 0\nSystem image file is \"unix:/opt/unetlab/addons/iol/bin/i86bi_linux_l2-adventerprisek9-ms.SS\"\nLast reload reason: Unknown reason\n\n\n\nThis product contains cryptographic features and is subject to United\nStates and local country laws governing import, export, transfer and\nuse. Delivery of Cisco cryptographic products does not imply\nthird-party authority to import, export, distribute or use encryption.\nImporters, exporters, distributors and users are responsible for\ncompliance with U.S. and local country laws. By using this product you\nagree to comply with applicable laws and regulations. If you are unable\nto comply with U.S. and local laws, return this product immediately.\n\nA summary of U.S. laws governing Cisco cryptographic products may be found at:\nhttp://www.cisco.com/wwl/export/crypto/tool/stqrg.html\n\nIf you require further assistance please contact us by sending email to\nexport@cisco.com.\n\nLinux Unix (Intel-x86) processor with 135059K bytes of memory.\nProcessor board ID 67108896\n16 Ethernet interfaces\n1 Virtual Ethernet interface\n128K bytes of NVRAM.\n\nConfiguration register is 0x0"
    ],
    "stdout_lines": [
        [
            "Cisco IOS Software, Linux Software (I86BI_LINUXL2-ADVENTERPRISEK9-M), Version 15.2(CML_NIGHTLY_20190423)FLO_DSGS7, EARLY DEPLOYMENT DEVELOPMENT BUILD, synced to  V152_6_0_81_E",
            "Technical Support: http://www.cisco.com/techsupport",
            "Copyright (c) 1986-2019 by Cisco Systems, Inc.",
            "Compiled Tue 23-Apr-19 02:38 by mmen",
            "",
            "ROM: Bootstrap program is Linux",
            "",
            "sw1 uptime is 5 hours, 27 minutes",
            "System returned to ROM by reload at 0",
            "System image file is \"unix:/opt/unetlab/addons/iol/bin/i86bi_linux_l2-adventerprisek9-ms.SS\"",
            "Last reload reason: Unknown reason",
            "",
            "",
            "",
            "This product contains cryptographic features and is subject to United",
            "States and local country laws governing import, export, transfer and",
            "use. Delivery of Cisco cryptographic products does not imply",
            "third-party authority to import, export, distribute or use encryption.",
            "Importers, exporters, distributors and users are responsible for",
            "compliance with U.S. and local country laws. By using this product you",
            "agree to comply with applicable laws and regulations. If you are unable",
            "to comply with U.S. and local laws, return this product immediately.",
            "",
            "A summary of U.S. laws governing Cisco cryptographic products may be found at:",
            "http://www.cisco.com/wwl/export/crypto/tool/stqrg.html",
            "",
            "If you require further assistance please contact us by sending email to",
            "export@cisco.com.",
            "",
            "Linux Unix (Intel-x86) processor with 135059K bytes of memory.",
            "Processor board ID 67108896",
            "16 Ethernet interfaces",
            "1 Virtual Ethernet interface",
            "128K bytes of NVRAM.",
            "",
            "Configuration register is 0x0"
        ]
    ]
}

# ansible ro1 -m cisco.ios.ios_command -a "commands='show version'" -u cisco -k
SSH password: 
ro1 | SUCCESS => {
    "changed": false,
    "stdout": [
        "Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)\nTechnical Support: http://www.cisco.com/techsupport\nCopyright (c) 1986-2010 by Cisco Systems, Inc.\nCompiled Tue 17-Aug-10 12:08 by prod_rel_team\n\nROM: ROMMON Emulation Microcode\nROM: 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)\n\nro1 uptime is 2 hours, 32 minutes\nSystem returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19\nSystem image file is \"tftp://255.255.255.255/unknown\"\n\n\nThis product contains cryptographic features and is subject to United\nStates and local country laws governing import, export, transfer and\nuse. Delivery of Cisco cryptographic products does not imply\nthird-party authority to import, export, distribute or use encryption.\nImporters, exporters, distributors and users are responsible for\ncompliance with U.S. and local country laws. By using this product you\nagree to comply with applicable laws and regulations. If you are unable\nto comply with U.S. and local laws, return this product immediately.\n\nA summary of U.S. laws governing Cisco cryptographic products may be found at:\nhttp://www.cisco.com/wwl/export/crypto/tool/stqrg.html\n\nIf you require further assistance please contact us by sending email to\nexport@cisco.com.\n\nCisco 3725 (R7000) processor (revision 0.1) with 249856K/12288K bytes of memory.\nProcessor board ID FTX0945W0MY\nR7000 CPU at 240MHz, Implementation 39, Rev 2.1, 256KB L2, 512KB L3 Cache\n4 FastEthernet interfaces\nDRAM configuration is 64 bits wide with parity enabled.\n55K bytes of NVRAM.\n131072K bytes of ATA System CompactFlash (Read/Write)\n131072K bytes of ATA Slot0 CompactFlash (Read/Write)\n\nConfiguration register is 0x2142"
    ],
    "stdout_lines": [
        [
            "Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)",
            "Technical Support: http://www.cisco.com/techsupport",
            "Copyright (c) 1986-2010 by Cisco Systems, Inc.",
            "Compiled Tue 17-Aug-10 12:08 by prod_rel_team",
            "",
            "ROM: ROMMON Emulation Microcode",
            "ROM: 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)",
            "",
            "ro1 uptime is 2 hours, 32 minutes",
            "System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19",
            "System image file is \"tftp://255.255.255.255/unknown\"",
            "",
            "",
            "This product contains cryptographic features and is subject to United",
            "States and local country laws governing import, export, transfer and",
            "use. Delivery of Cisco cryptographic products does not imply",
            "third-party authority to import, export, distribute or use encryption.",
            "Importers, exporters, distributors and users are responsible for",
            "compliance with U.S. and local country laws. By using this product you",
            "agree to comply with applicable laws and regulations. If you are unable",
            "to comply with U.S. and local laws, return this product immediately.",
            "",
            "A summary of U.S. laws governing Cisco cryptographic products may be found at:",
            "http://www.cisco.com/wwl/export/crypto/tool/stqrg.html",
            "",
            "If you require further assistance please contact us by sending email to",
            "export@cisco.com.",
            "",
            "Cisco 3725 (R7000) processor (revision 0.1) with 249856K/12288K bytes of memory.",
            "Processor board ID FTX0945W0MY",
            "R7000 CPU at 240MHz, Implementation 39, Rev 2.1, 256KB L2, 512KB L3 Cache",
            "4 FastEthernet interfaces",
            "DRAM configuration is 64 bits wide with parity enabled.",
            "55K bytes of NVRAM.",
            "131072K bytes of ATA System CompactFlash (Read/Write)",
            "131072K bytes of ATA Slot0 CompactFlash (Read/Write)",
            "",
            "Configuration register is 0x2142"
        ]
    ]
}

# ansible sw1 -m cisco.ios.ios_command -a "commands='sh run'" -u cisco -k
SSH password: 
sw1 | SUCCESS => {
    "changed": false,
    "stdout": [
        "Building configuration...\n\nCurrent configuration : 1648 bytes\n!\n! Last configuration change at 20:21:10 UTC Wed Mar 15 2023 by cisco\n!\nversion 15.2\nservice timestamps debug datetime msec\nservice timestamps log datetime msec\nservice password-encryption\nservice compress-config\n!\nhostname sw1\n!\nboot-start-marker\nboot-end-marker\n!\n!\nenable secret 5 $1$0RcP$GElrZhymKJY2JRLmSpVz2.\n!\nusername cisco password 7 094F471A1A0A\nusername admin password 7 14161606050A\nno aaa new-model\n!\n!\n!\n!\n!\n!\n!\n!\nip domain-name geanmartins.local\nip cef\nno ipv6 cef\n!\n!\n!\nspanning-tree mode pvst\nspanning-tree extend system-id\n!\n!\n! \n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\ninterface Ethernet0/0\n!\ninterface Ethernet0/1\n!\ninterface Ethernet0/2\n!\ninterface Ethernet0/3\n!\ninterface Ethernet1/0\n!\ninterface Ethernet1/1\n!\ninterface Ethernet1/2\n!\ninterface Ethernet1/3\n!\ninterface Ethernet2/0\n!\ninterface Ethernet2/1\n!\ninterface Ethernet2/2\n!\ninterface Ethernet2/3\n!\ninterface Ethernet3/0\n!\ninterface Ethernet3/1\n!\ninterface Ethernet3/2\n!\ninterface Ethernet3/3\n!\ninterface Vlan1\n ip address 172.16.100.3 255.255.255.0\n!\nip forward-protocol nd\n!\nip http server\nip http secure-server\n!\nip ssh time-out 60\nip ssh logging events\nip ssh version 2\nip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr\nip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr\n!\nip access-list extended VTY-ACL\n permit tcp 172.16.100.0 0.0.0.255 any log\n!\n!\n!\n!\ncontrol-plane\n!\nbanner login ^C\nBannier du login\nVeuillez vous authentifier\nSVP\n^C\nbanner motd ^C\nACCESS NON AUTORISE !! Ce routeur est la propriete de GEANMARTINS\n^C\n!\nline con 0\n logging synchronous\nline aux 0\nline vty 0 4\n access-class VTY-ACL in\n login local\n transport input ssh\n!\n!\n!\nend"
    ],
    "stdout_lines": [
        [
            "Building configuration...",
            "",
            "Current configuration : 1648 bytes",
            "!",
            "! Last configuration change at 20:21:10 UTC Wed Mar 15 2023 by cisco",
            "!",
            "version 15.2",
            "service timestamps debug datetime msec",
            "service timestamps log datetime msec",
            "service password-encryption",
            "service compress-config",
            "!",
            "hostname sw1",
            "!",
            "boot-start-marker",
            "boot-end-marker",
            "!",
            "!",
            "enable secret 5 $1$0RcP$GElrZhymKJY2JRLmSpVz2.",
            "!",
            "username cisco password 7 094F471A1A0A",
            "username admin password 7 14161606050A",
            "no aaa new-model",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "ip domain-name geanmartins.local",
            "ip cef",
            "no ipv6 cef",
            "!",
            "!",
            "!",
            "spanning-tree mode pvst",
            "spanning-tree extend system-id",
            "!",
            "!",
            "! ",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "interface Ethernet0/0",
            "!",
            "interface Ethernet0/1",
            "!",
            "interface Ethernet0/2",
            "!",
            "interface Ethernet0/3",
            "!",
            "interface Ethernet1/0",
            "!",
            "interface Ethernet1/1",
            "!",
            "interface Ethernet1/2",
            "!",
            "interface Ethernet1/3",
            "!",
            "interface Ethernet2/0",
            "!",
            "interface Ethernet2/1",
            "!",
            "interface Ethernet2/2",
            "!",
            "interface Ethernet2/3",
            "!",
            "interface Ethernet3/0",
            "!",
            "interface Ethernet3/1",
            "!",
            "interface Ethernet3/2",
            "!",
            "interface Ethernet3/3",
            "!",
            "interface Vlan1",
            " ip address 172.16.100.3 255.255.255.0",
            "!",
            "ip forward-protocol nd",
            "!",
            "ip http server",
            "ip http secure-server",
            "!",
            "ip ssh time-out 60",
            "ip ssh logging events",
            "ip ssh version 2",
            "ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr",
            "ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr",
            "!",
            "ip access-list extended VTY-ACL",
            " permit tcp 172.16.100.0 0.0.0.255 any log",
            "!",
            "!",
            "!",
            "!",
            "control-plane",
            "!",
            "banner login ^C",
            "Bannier du login",
            "Veuillez vous authentifier",
            "SVP",
            "^C",
            "banner motd ^C",
            "ACCESS NON AUTORISE !! Ce routeur est la propriete de GEANMARTINS",
            "^C",
            "!",
            "line con 0",
            " logging synchronous",
            "line aux 0",
            "line vty 0 4",
            " access-class VTY-ACL in",
            " login local",
            " transport input ssh",
            "!",
            "!",
            "!",
            "end"
        ]
    ]
}

# ansible ro1 -m cisco.ios.ios_command -a "commands='sh run'" -u cisco -k
SSH password: 
ro1 | SUCCESS => {
    "changed": false,
    "stdout": [
        "Building configuration...\n\nCurrent configuration : 1338 bytes\n!\nversion 12.4\nservice timestamps debug datetime msec\nservice timestamps log datetime msec\nservice password-encryption\n!\nhostname ro1\n!\nboot-start-marker\nboot-end-marker\n!\nenable secret 5 $1$d1uH$BcgUQT8Rz6.ld99W9K2yk1\n!\nno aaa new-model\nmemory-size iomem 5\nip cef\n!\n!\n!\n!\nip domain name geanmartins.local\n!\nmultilink bundle-name authenticated\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\n!\nusername cisco password 7 070C285F4D06\nusername admin password 7 020700560208\narchive\n log config\n  hidekeys\n! \n!\n!\n!\nip ssh time-out 60\nip ssh logging events\nip ssh version 2\n!\n!\n!\n!\ninterface FastEthernet0/0\n no ip address\n shutdown\n duplex auto\n speed auto\n!\ninterface FastEthernet0/1\n no ip address\n shutdown\n duplex auto\n speed auto\n!\ninterface FastEthernet1/0\n ip address 172.16.100.7 255.255.255.0\n duplex auto\n speed auto\n!\ninterface FastEthernet2/0\n no ip address\n shutdown\n duplex auto\n speed auto\n!\nip forward-protocol nd\n!\n!\nip http server\nno ip http secure-server\n!\nip access-list extended VTY-ACL\n permit tcp 172.16.100.0 0.0.0.255 any log\n!\n!\n!\n!\n!\n!\n!\ncontrol-plane\n!\n!\n!\n!\n!\n!\n!\n!\n!\nbanner login ^C\nBannier du login\nVeuillez vous authentifier\nSVP\n^C\nbanner motd ^C\nACCESS NON AUTORISE !! Ce routeur est la propriete de GEANMARTINS\n^C\n!\nline con 0\nline aux 0\nline vty 0 4\n access-class VTY-ACL in\n login local\n transport input ssh\n!\n!\nend"
    ],
    "stdout_lines": [
        [
            "Building configuration...",
            "",
            "Current configuration : 1338 bytes",
            "!",
            "version 12.4",
            "service timestamps debug datetime msec",
            "service timestamps log datetime msec",
            "service password-encryption",
            "!",
            "hostname ro1",
            "!",
            "boot-start-marker",
            "boot-end-marker",
            "!",
            "enable secret 5 $1$d1uH$BcgUQT8Rz6.ld99W9K2yk1",
            "!",
            "no aaa new-model",
            "memory-size iomem 5",
            "ip cef",
            "!",
            "!",
            "!",
            "!",
            "ip domain name geanmartins.local",
            "!",
            "multilink bundle-name authenticated",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "username cisco password 7 070C285F4D06",
            "username admin password 7 020700560208",
            "archive",
            " log config",
            "  hidekeys",
            "! ",
            "!",
            "!",
            "!",
            "ip ssh time-out 60",
            "ip ssh logging events",
            "ip ssh version 2",
            "!",
            "!",
            "!",
            "!",
            "interface FastEthernet0/0",
            " no ip address",
            " shutdown",
            " duplex auto",
            " speed auto",
            "!",
            "interface FastEthernet0/1",
            " no ip address",
            " shutdown",
            " duplex auto",
            " speed auto",
            "!",
            "interface FastEthernet1/0",
            " ip address 172.16.100.7 255.255.255.0",
            " duplex auto",
            " speed auto",
            "!",
            "interface FastEthernet2/0",
            " no ip address",
            " shutdown",
            " duplex auto",
            " speed auto",
            "!",
            "ip forward-protocol nd",
            "!",
            "!",
            "ip http server",
            "no ip http secure-server",
            "!",
            "ip access-list extended VTY-ACL",
            " permit tcp 172.16.100.0 0.0.0.255 any log",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "control-plane",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "!",
            "banner login ^C",
            "Bannier du login",
            "Veuillez vous authentifier",
            "SVP",
            "^C",
            "banner motd ^C",
            "ACCESS NON AUTORISE !! Ce routeur est la propriete de GEANMARTINS",
            "^C",
            "!",
            "line con 0",
            "line aux 0",
            "line vty 0 4",
            " access-class VTY-ACL in",
            " login local",
            " transport input ssh",
            "!",
            "!",
            "end"
        ]
    ]
}

# ansible sw2 -m ios_command -a "commands='show running-config | section ^interface'" -u cisco -k
SSH password: 
sw2 | SUCCESS => {
    "changed": false,
    "stdout": [
        "interface GigabitEthernet0/0\n negotiation auto\ninterface GigabitEthernet0/1\n negotiation auto\ninterface GigabitEthernet0/2\n negotiation auto\ninterface GigabitEthernet0/3\n negotiation auto\ninterface GigabitEthernet1/0\n negotiation auto\ninterface GigabitEthernet1/1\n negotiation auto\ninterface GigabitEthernet1/2\n negotiation auto\ninterface GigabitEthernet1/3\n negotiation auto\ninterface GigabitEthernet2/0\n negotiation auto\ninterface GigabitEthernet2/1\n negotiation auto\ninterface GigabitEthernet2/2\n negotiation auto\ninterface GigabitEthernet2/3\n negotiation auto\ninterface GigabitEthernet3/0\n negotiation auto\ninterface GigabitEthernet3/1\n negotiation auto\ninterface GigabitEthernet3/2\n negotiation auto\ninterface GigabitEthernet3/3\n negotiation auto\ninterface Vlan1\n ip address 172.16.100.242 255.255.255.0"
    ],
    "stdout_lines": [
        [
            "interface GigabitEthernet0/0",
            " negotiation auto",
            "interface GigabitEthernet0/1",
            " negotiation auto",
            "interface GigabitEthernet0/2",
            " negotiation auto",
            "interface GigabitEthernet0/3",
            " negotiation auto",
            "interface GigabitEthernet1/0",
            " negotiation auto",
            "interface GigabitEthernet1/1",
            " negotiation auto",
            "interface GigabitEthernet1/2",
            " negotiation auto",
            "interface GigabitEthernet1/3",
            " negotiation auto",
            "interface GigabitEthernet2/0",
            " negotiation auto",
            "interface GigabitEthernet2/1",
            " negotiation auto",
            "interface GigabitEthernet2/2",
            " negotiation auto",
            "interface GigabitEthernet2/3",
            " negotiation auto",
            "interface GigabitEthernet3/0",
            " negotiation auto",
            "interface GigabitEthernet3/1",
            " negotiation auto",
            "interface GigabitEthernet3/2",
            " negotiation auto",
            "interface GigabitEthernet3/3",
            " negotiation auto",
            "interface Vlan1",
            " ip address 172.16.100.242 255.255.255.0"
        ]
    ]
}

1. cisco.ios.ios_command module
2. cisco.ios.ios_config module
3. Cisco.Ios
4. Roles