As I have been going through my list of configuration items for the security audit, I have only used Ansible to send commands. I haven’t used the ios_config module for any of its other abilities like interface configuration, gathering facts or ACL configuration.This post will cover 2/3 of those. Gathering facts, specifically ACL facts and […]
Ansible Project: Network Security Audit 3 – ios_acl Module Read More »
This test is designed to see if the VTY configuration is on the device. If there are any extra commands that are not part of the confirmed configuration, they will be removed. This is specifically for configuration items in the confirmed configuration. Anything outside this configuration scope will not have any changes made. The desired
Ansible Project: Network Security Audit 2 – VTY Configuration Read More »
During my project for an Ansible Security Audit I needed to use loops and if statements. This for me is a weakness and so I have written this to be used a quick reference guide on how to use Ansible “when “and “with_items”. Both of these have been used in my SNMP checking playbook. The
Ansible Ifs and Loops Read More »
This is the first of a series of tests that will create the Network Security Audit. In this first test I am going to create a single playbook that will check if SNMP is configured correctly on a router R1. The desired outcome will be for only a single SNMP read only string to be
Ansible Project: Network Security Audit 1 – SNMP Check Read More »
This is a mini project I created for myself in one of my previous roles. The problem, that it is designed to solve is given an IP address, where is that IP physically located? This is necessary in older network environments that aren’t using tools such as Solarwinds, or newer products like; Cisco ISE, DNA
Ansible Project: IP to Physical Port Mapping Read More »
Inventory & Group Vars The Ansible inventory file can be specified or a default location can be configured in the /etc/ansible/ansible.cfg file by adding the following lines. The group variables are a way of assigning groups inside the inventory file variables. The inventory can be either a single group of all devices, or split into
Ansible Inventory, Group Vars and Vault Read More »
Here I have a collection of commands for reference. Ansible can be run using ad-hoc commands or playbooks.Ad-hoc commands are all in the single command. Raw commands are entered in the Ad-hoc mode and are the commands that would usually be entered into the CLI of the network device or server.Playbooks are a series of
Ansible Basic Commands Read More »
Basic how to guide to Install Ansible quickly on Ubuntu. The full guide for Ubuntu is here. Installation Create the Inventory to Test This file is named router_switch_inv.ini in my lab. Test Topology With three lines and a small file it is very simple to start interacting with network devices. Inventory File in Depth The
Ansible Installation Read More »
This lab will expand on the previous vPC configuration lab. I have made a few configuration changes since that lab. HSRP, vPC priority and the STP root is Nexus1. vPC Priority This isn’t like HSRP where it can be set to a higher priority than the default 100 and then that device will always be
Nexus VPC Troubleshooting Read More »
This is to configure vPCs on Nexus 9000s in GNS3. For this lab I will repurpose my Nexus Multicast Lab.I will need to add some extra links between mcast_nexus1 and 2 switches to accommodate the port-channel vPC link and the vPC keepalive link. My topology is going to be a basic topology of four Nexus
Nexus VPC Basic Configuration Read More »