Automating VLAN Creation on Cisco Devices with Ansible

-

 Automating VLAN Creation on Cisco Devices with Ansible

Ansible is a powerful automation tool that simplifies network management tasks, including creating VLANs on Cisco devices. For beginners, this guide will walk you through automating VLAN creation step-by-step, from setting up Ansible to deploying VLAN configurations.



What is a VLAN?

A VLAN (Virtual Local Area Network) is a logical group of devices within a network that can communicate as if they were on the same physical network, regardless of their physical location. VLANs improve network efficiency and security by segmenting traffic.

Why Use Ansible for VLAN Automation?

  • Consistency: Avoid manual configuration errors.
  • Efficiency: Configure multiple devices in seconds.
  • Scalability: Manage large-scale networks easily.
  • Flexibility: Supports various Cisco devices and integrates with other tools.

Prerequisites

  1. Cisco Device Configuration:

    • Ensure your Cisco devices support SSH and are configured to allow Ansible to connect.
    • Enable SSH and set up a user with necessary privileges: 
      conf t
ip domain-name yourdomain.com
crypto key generate rsa modulus 2048
ip ssh version 2
username ansible_user privilege 15 secret your_password
line vty 0 4
transport input ssh
login local
exit

  2. Ansible Installed on Your System:

    • Install Ansible on your Linux/Windows machine: 
      sudo apt update && sudo apt install ansible -y  # Ubuntu
    • Confirm installation: 
      ansible --version

  3. Python Libraries: Install paramiko and netmiko for network automation:

    pip install paramiko netmiko

Step 1: Set Up Ansible Inventory

The inventory file specifies the devices Ansible will manage. Create an inventory file (e.g., inventory.yml):

all:
  hosts:
    cisco_switch:
      ansible_host: 192.168.1.1  # Replace with your device IP
      ansible_user: ansible_user  # SSH username
      ansible_password: your_password  # SSH password
      ansible_network_os: ios

Save the file as inventory.yml.

Step 2: Create the Ansible Playbook

An Ansible playbook defines the tasks to be executed. Create a playbook named create_vlan.yml:

- name: Automate VLAN Creation on Cisco Devices
  hosts: cisco_switch
  gather_facts: no
  tasks:
    - name: Create VLAN
      cisco.ios.ios_config:
        lines:
          - vlan 10
          - name Marketing
        save_when: changed

    - name: Verify VLAN
      cisco.ios.ios_command:
        commands:
          - show vlan brief

Explanation of the Playbook

  1. Module:

    • cisco.ios.ios_config: Configures the Cisco device.
    • cisco.ios.ios_command: Runs commands on the Cisco device.

  2. Tasks:

    • Create VLAN: Adds VLAN 10 with the name "Marketing."
    • Verify VLAN: Executes the show vlan brief command to confirm VLAN creation.

  3. save_when: changed: Ensures the configuration is saved only if there are changes.

Step 3: Install the Cisco Ansible Collection

Ansible uses collections for specific device types. Install the Cisco collection:

ansible-galaxy collection install cisco.ios

Step 4: Run the Playbook

Execute the playbook to create the VLAN:

ansible-playbook -i inventory.yml create_vlan.yml

Step 5: Verify the Results

Check the output to ensure the VLAN was successfully created. You can also manually verify by logging into the switch and running:

show vlan brief

Extending the Playbook

You can extend the playbook to create multiple VLANs. Modify the playbook as follows:

- name: Automate VLAN Creation on Cisco Devices
  hosts: cisco_switch
  gather_facts: no
  tasks:
    - name: Create Multiple VLANs
      cisco.ios.ios_config:
        lines:
          - vlan 10
          - name Marketing
          - vlan 20
          - name Sales
          - vlan 30
          - name IT
        save_when: changed

Common Troubleshooting Tips

  1. SSH Connection Issues:

    • Ensure the switch allows SSH and the Ansible user has the correct credentials.
    • Test SSH connectivity using: 
      ssh ansible_user@192.168.1.1

  2. Unsupported Modules:

    • Ensure the Cisco device runs a compatible IOS version.
    • Verify the cisco.ios collection is installed.

  3. Playbook Errors:

    • Use the -vvv flag for detailed logs: 
      ansible-playbook -i inventory.yml create_vlan.yml -vvv

Conclusion

Using Ansible to automate VLAN creation on Cisco devices saves time and ensures consistency across your network. With a basic understanding of Ansible and some practice, you'll be ready to tackle more complex network automation tasks.

Ansible is an excellent tool for both beginners and experienced network engineers. Start small, and soon you'll be automating all aspects of your network!

Comments

Post a Comment

Popular Posts

Network Access Control NAC | IT NETWORKS

-
Image
Network Access Control NAC It's something that controls access to the network. And at its simplest level, this is what NAC does.  But if that's all that it was, then it wouldn't be fundamentally different from a network authentication and authorization server. Traditional authentication to the network follows the IEEE 802.1X standard that provided an authentication method to devices wishing to join a Local Area Network (LAN) or wireless LAN. 802.1X Wireless/Wired Authentication The mechanism was a port-based network access control which used agents, the software running on client devices that provide credentials to the authenticator to control access to the network. Another means to control access to a public network such as one serving a coffee shop or in a hotel, is a captive portal. If you've ever connected to a network in an airport, hotel, or coffee shop, you might recall interacting with a web page, sometimes agreeing t...
Read more

CISCO : Dynamic Multipoint Virtual Private Network (DMVPN) | ITNETWORKS

-
Image
1- Definition   DMVPN is a technology that's used in secure networks exchanging data between them without needing to redirect traffic through a  headquarter  server  or router . Dynamic Multipoint VPN ( DMVPN ) is a Cisco IOS Software solution for building reliable IPsec Virtual Private Networks (VPN). DMVPN basically is a centralized architecture that provides easier management and implementation for deployments that need very specific access controls, authorizations and restrictions for diverse branches, users, applications and partners. DMVPN + IPSEC 2- Benefits DMVPN provides the ability to create dynamic VPNs without configuring static tunnels between remote peers, including Internet Protocol (IP), IPSEC and Key Management Protocol (ISAKMP peers).   DMVPN is designed  to make HUB-AND-SPOKE   topology  by statically configuring the hub IP address on the spokes, no other changes are needed ...
Read more

Issues with CISCO WIRELESS Controller (And resolution) | IT NETWORKS

-
Image
On Cisco Wireless controller 5520, The Access POINTS try to join the Controller by bringing up a connection through the CAPWAP Tunnel, you can see these attempts through the AP log itself. The problem is that the DHCP server when trying to serve IP Addresses it shows the error BAD_ADDRESS in front of each IP assigned. So I Took a single access point, started debugging it, after that, I noticed that the CAPWAP connection was empty of errors BUT!! it was trying to resolve this name  CISCO-CAPWAP-CONTROLLER This resolution is made with DNS protocol, of course, I honestly wasn't so sure of what I was doing, so I added a new entry in my DNS server and it's corresponding IP was the Controller's after that magically all the Access Points where UP and showed UP on my controller. The controller I'm working with is the CISCO WIRELESS CONTROLLER 5520 Model:  AIR-CT5520-K9 Software Version:  8.3.150.0 Image of the controller Learn...
Read more