IP configuration and SSH access
ansible
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:00:00:01:00 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 192.168.122.16/24 metric 100 brd 192.168.122.255 scope global dynamic ens3
       valid_lft 3401sec preferred_lft 3401sec
    inet6 fe80::250:ff:fe00:100/64 scope link
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 00:50:00:00:01:01 brd ff:ff:ff:ff:ff:ff
    altname enp0s4
$ sudo ip link set ens4 up
$ sudo ip addr add 172.16.100.2/24 dev ens4
Or persistently
$ cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens3:
      dhcp4: true
    ens4:
      dhcp4: no
      addresses:
        - 172.16.100.100/24
  version: 2

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:00:00:01:00 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 192.168.122.16/24 metric 100 brd 192.168.122.255 scope global dynamic ens3
       valid_lft 3256sec preferred_lft 3256sec
    inet6 fe80::250:ff:fe00:100/64 scope link
       valid_lft forever preferred_lft forever
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:00:00:01:01 brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    inet 172.16.100.2/24 scope global ens4
       valid_lft forever preferred_lft forever
    inet6 fe80::250:ff:fe00:101/64 scope link
       valid_lft forever preferred_lft forever
SW2
Switch>enable
Switch#configure terminal
Switch(config)#hostname sw2
sw2(config)#interface vlan 1
sw2(config-if)#ip address 172.16.100.243 255.255.255.0
sw2(config-if)#no shutdown
sw2(config-if)#exit
sw2(config)#ip domain name geanmartins.local
sw2(config)#crypto key generate rsa general-keys modulus 2048
sw2(config)#ip ssh version 2
sw2(config)#line vty 0 4
sw2(config-line)#transport input ssh
sw2(config-line)#login local
sw2(config-line)#exit
sw2(config)#username cisco password cisco
sw2(config)#service password-encryption
sw2(config)#enable secret cisco
sw2(config)#end
sw2#wr

sw2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  up                    up
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  up                    up
GigabitEthernet1/0     unassigned      YES unset  up                    up
GigabitEthernet1/1     unassigned      YES unset  up                    up
GigabitEthernet1/2     unassigned      YES unset  up                    up
GigabitEthernet1/3     unassigned      YES unset  up                    up
GigabitEthernet2/0     unassigned      YES unset  up                    up
GigabitEthernet2/1     unassigned      YES unset  up                    up
GigabitEthernet2/2     unassigned      YES unset  up                    up
GigabitEthernet2/3     unassigned      YES unset  up                    up
GigabitEthernet3/0     unassigned      YES unset  up                    up
GigabitEthernet3/1     unassigned      YES unset  up                    up
GigabitEthernet3/2     unassigned      YES unset  up                    up
GigabitEthernet3/3     unassigned      YES unset  up                    up
Vlan1                  172.16.100.243  YES manual up                    up

sw2#ping 172.16.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/7/13 ms
S2
Switch>enable
Switch#configure terminal
Switch(config)#interface vlan 1
Switch(config-if)#ip address 172.16.100.4 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip domain name geanmartins.lab
Switch(config)#crypto key generate rsa general-keys modulus 2048
Switch(config)#ip ssh version 2
Switch(config)#line vty 0 4
Switch(config-line)#transport input ssh
Switch(config-line)#login local
Switch(config-line)#exit
Switch(config)#username cisco password cisco
Switch(config)#service password-encryption
Switch(config)#enable secret cisco
Switch(config)#hostname S2
S2(config)#end
S2#wr

S2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  up                    up
Ethernet0/1            unassigned      YES unset  up                    up
Ethernet0/2            unassigned      YES unset  up                    up
Ethernet0/3            unassigned      YES unset  up                    up
Ethernet1/0            unassigned      YES unset  up                    up
Ethernet1/1            unassigned      YES unset  up                    up
Ethernet1/2            unassigned      YES unset  up                    up
Ethernet1/3            unassigned      YES unset  up                    up
Ethernet2/0            unassigned      YES unset  up                    up
Ethernet2/1            unassigned      YES unset  up                    up
Ethernet2/2            unassigned      YES unset  up                    up
Ethernet2/3            unassigned      YES unset  up                    up
Ethernet3/0            unassigned      YES unset  up                    up
Ethernet3/1            unassigned      YES unset  up                    up
Ethernet3/2            unassigned      YES unset  up                    up
Ethernet3/3            unassigned      YES unset  up                    up
Vlan1                  172.16.100.4    YES manual up                    up

S2#ping 172.16.100.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
S3
Switch>enable
Switch#configure terminal
Switch(config)#interface vlan 1
Switch(config-if)#ip address 172.16.100.5 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip domain name geanmartins.lab
Switch(config)#crypto key generate rsa general-keys modulus 2048
Switch(config)#ip ssh version 2
Switch(config)#line vty 0 4
Switch(config-line)#transport input ssh
Switch(config-line)#login local
Switch(config-line)#exit
Switch(config)#username cisco password cisco
Switch(config)#service password-encryption
Switch(config)#enable secret cisco
Switch(config)#hostname S3
S3(config)#end
S3#wr

S3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  up                    up
Ethernet0/1            unassigned      YES unset  up                    up
Ethernet0/2            unassigned      YES unset  up                    up
Ethernet0/3            unassigned      YES unset  up                    up
Ethernet1/0            unassigned      YES unset  up                    up
Ethernet1/1            unassigned      YES unset  up                    up
Ethernet1/2            unassigned      YES unset  up                    up
Ethernet1/3            unassigned      YES unset  up                    up
Ethernet2/0            unassigned      YES unset  up                    up
Ethernet2/1            unassigned      YES unset  up                    up
Ethernet2/2            unassigned      YES unset  up                    up
Ethernet2/3            unassigned      YES unset  up                    up
Ethernet3/0            unassigned      YES unset  up                    up
Ethernet3/1            unassigned      YES unset  up                    up
Ethernet3/2            unassigned      YES unset  up                    up
Ethernet3/3            unassigned      YES unset  up                    up
Vlan1                  172.16.100.5    YES manual up                    up

S3#ping 172.16.100.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
S4
Switch>enable
Switch#configure terminal
Switch(config)#interface vlan 1
Switch(config-if)#ip address 172.16.100.6 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#exit
Switch(config)#ip domain name geanmartins.lab
Switch(config)#crypto key generate rsa general-keys modulus 2048
Switch(config)#ip ssh version 2
Switch(config)#line vty 0 4
Switch(config-line)#transport input ssh
Switch(config-line)#login local
Switch(config-line)#exit
Switch(config)#username cisco password cisco
Switch(config)#service password-encryption
Switch(config)#enable secret cisco
Switch(config)#hostname S4
S4(config)#end
S4#wr

S4#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Ethernet0/0            unassigned      YES unset  up                    up
Ethernet0/1            unassigned      YES unset  up                    up
Ethernet0/2            unassigned      YES unset  up                    up
Ethernet0/3            unassigned      YES unset  up                    up
Ethernet1/0            unassigned      YES unset  up                    up
Ethernet1/1            unassigned      YES unset  up                    up
Ethernet1/2            unassigned      YES unset  up                    up
Ethernet1/3            unassigned      YES unset  up                    up
Ethernet2/0            unassigned      YES unset  up                    up
Ethernet2/1            unassigned      YES unset  up                    up
Ethernet2/2            unassigned      YES unset  up                    up
Ethernet2/3            unassigned      YES unset  up                    up
Ethernet3/0            unassigned      YES unset  up                    up
Ethernet3/1            unassigned      YES unset  up                    up
Ethernet3/2            unassigned      YES unset  up                    up
Ethernet3/3            unassigned      YES unset  up                    up
Vlan1                  172.16.100.6    YES manual up                    up

S4#ping 172.16.100.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RO1
Router>enable
Router#configure terminal
Router(config)#hostname ro1
ro1(config)#interface gigabitEthernet 0/1
ro1(config-if)#ip address 172.16.100.240 255.255.255.0
ro1(config-if)#no shutdown
ro1(config-if)#exit
ro1(config)#ip domain name geanmartins.local
ro1(config)#crypto key generate rsa general-keys modulus 2048
ro1(config)#ip ssh version 2
ro1(config)#line vty 0 4
ro1(config-line)#transport input ssh
ro1(config-line)#login local
ro1(config-line)#exit
ro1(config)#username cisco password cisco
ro1(config)#service password-encryption
ro1(config)#enable secret cisco
ro1(config)#end
ro1#wr

ro1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     unassigned      YES unset  administratively down down
GigabitEthernet0/1     172.16.100.240  YES manual up                    up
GigabitEthernet0/2     unassigned      YES unset  administratively down down
GigabitEthernet0/3     unassigned      YES unset  administratively down down

ro1#ping 172.16.100.100
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/18 ms
R2
Router>enable
Router#configure terminal
Router(config)#hostname R2
R2(config)#interface FastEthernet1/0
R2(config-if)#ip address 172.16.100.8 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#ip domain name geanmartins.lab
R2(config)#crypto key generate rsa general-keys modulus 2048
R2(config)#ip ssh version 2
R2(config)#line vty 0 4
R2(config-line)#transport input ssh
R2(config-line)#login local
R2(config-line)#exit
R2(config)#username cisco password cisco
R2(config)#service password-encryption
R2(config)#enable secret cisco
R2(config)#end
R2#wr

R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        unassigned      YES unset  administratively down down
FastEthernet0/1        unassigned      YES unset  administratively down down
FastEthernet1/0        172.16.100.8    YES manual up                    up
FastEthernet2/0        unassigned      YES unset  administratively down down

R2#ping 172.16.100.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/13/28 ms
Testing SSH access
$ ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc cisco@172.16.100.3
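The device sessions above all apply the same SSH baseline with a lab credential (`username cisco password cisco`). As an added example, not part of the original wiki page, this Python audit runs over such a command list and reports the settings worth changing outside a lab; the function name `audit_ios_ssh` and the choice of checks are this example's own, and the sample input is the SW2 session with prompts stripped.

```python
import re

# Constructed sample: the SW2 commands from this page, prompts stripped.
SW2_COMMANDS = """\
hostname sw2
ip domain name geanmartins.local
crypto key generate rsa general-keys modulus 2048
ip ssh version 2
line vty 0 4
 transport input ssh
 login local
username cisco password cisco
service password-encryption
enable secret cisco
"""

# Lines the page's baseline always contains (example's own checklist).
REQUIRED = ("ip ssh version 2", "transport input ssh", "login local")


def audit_ios_ssh(config: str) -> list[str]:
    """Return findings for an IOS command list (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    for line in lines:
        m = re.match(r"username (\S+) (password|secret) (?:\d+ )?(\S+)$", line)
        if m:
            user, kind, value = m.groups()
            if kind == "password":
                # 'password' is kept as cleartext, or as reversible type 7
                # once 'service password-encryption' is on; 'secret' is hashed.
                findings.append(f"{user}: uses 'password' (recoverable); use 'secret'")
            if value == user:
                findings.append(f"{user}: credential equals the username")
        m = re.match(r"crypto key generate rsa .*modulus (\d+)", line)
        if m and int(m.group(1)) < 2048:
            findings.append(f"RSA modulus {m.group(1)} is below 2048 bits")
    for required in REQUIRED:
        if required not in lines:
            findings.append(f"missing '{required}'")
    return findings


if __name__ == "__main__":
    for finding in audit_ios_ssh(SW2_COMMANDS):
        print(finding)
```

The audit does not judge the `enable secret` value or the client-side algorithms in the `ssh` command above.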
