Table of Contents

Ansible Cisco - VLANs

Criando a role

# cd /etc/ansible/roles/
# mkdir -p vlans/tasks
main.yaml
# vim vlans/tasks/main.yaml
---
- name: Configuration du VLAN 10 et 20 sur les switchs
  ios_vlans:
    config:
    - name: Vlan_10
      vlan_id: 10
      state: active
      shutdown: disabled
      
    - name: Vlan_20
      vlan_id: 20
      state: active
      shutdown: enabled

    - name: Vlan_30
      vlan_id: 30
      state: active
      shutdown: disabled
    state: merged

- name: Affectation des vlans aux interfaces
  ios_l2_interfaces:
    config:
    - name: Ethernet4/0
      mode: access
      access:
        vlan: 10

    - name: Ethernet4/1
      mode: access
      access:
        vlan: 10

    - name: Ethernet4/2
      mode: access
      access:
        vlan: 10

    - name: Ethernet4/3
      mode: access
      access:
        vlan: 10

    - name: Ethernet7/0
      mode: trunk
      trunk:
        allowed_vlans: 10,30,40
        encapsulation: dot1q

    - name: Ethernet7/1
      mode: trunk
      trunk:
        allowed_vlans: 10,30,40
        encapsulation: dot1q

    - name: Ethernet5/1
      mode: access
      access:
        vlan: 20

    - name: Ethernet6/0-3
      mode: access
      access:
        vlan: 30   
    state: merged  
    
- name: Configuration de  la default gateway sur les switchs
  ios_config:
    lines: ip default-gateway 172.16.100.7

- name: Configuration de la security des ports
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet4/0

- name: Configuration de la security du port Ethernet4/1
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet4/1

- name: Configuration de la security du port Ethernet4/2
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet4/2

- name: Configuration de la security du port Ethernet4/3
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet4/3
 

- name: Configuration de la security du port Ethernet5/0
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet5/0

- name: Configuration de la security du port Ethernet5/1
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet5/1

- name: Configuration de la security du port Ethernet5/2
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet5/2

- name: Configuration de la security du port Ethernet5/3
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet5/3             

- name: Configuration de la security du port Ethernet6/0
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet6/0

- name: Configuration de la security du port Ethernet6/1
  ios_config:
    lines:
    - switchport port-security
    - switchport port-security maximum 10
    - switchport port-security mac-address sticky
    - switchport port-security violation shutdown
    parents: interface Ethernet6/1

Criando a plybook

playbook_vlans.yaml 
# vim playbook_vlans.yaml 
---
- name: Configuration de base des routeurs et switchs cisco
  hosts: switchs
  gather_facts: false

  pre_tasks:
  - debug:
      msg: 'Debut de la configuration.'

  roles:
  - vlans

  post_tasks:
  - debug:
      msg: 'Hosts configures.'

ReferĂȘncias

  1. cisco.ios.ios_l2_interfaces module