Roger Perkin

Ansible IOS_Command Example

In this Ansible IOS_Command Example post I will share a simple Ansible Playbook that will write an ACL to a Cisco Switch.

This playbook will work equally well on any Cisco device and once you grasp the concepts of using the IOS_Command Module and also the IOS_Config module you can configure whatever you want.

You will soon see that Ansible Network Automation skills are very good to know to make your life as a network engineer a lot easier in the new world of network automation.

The IOS Command module is documented here – http://docs.ansible.com/ansible/latest/ios_command_module.html

There are two parameters that I will highlight, both of which I use in my example playbook:

  • authorize – yes / no – This parameter enters privileged mode on the Cisco device if it is set to yes
  • waitfor – List of conditions to wait for before progressing with the Playbook

Ansible IOS_Config Module

The IOS Config module is documented here – http://docs.ansible.com/ansible/latest/ios_config_module.html

Ansible Playbook

So let’s get into the playbook

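---
- hosts: 3560-SW1

  gather_facts: false
  connection: local

  tasks:
   - name: Configure ACL on Cisco Switch
     # authorize: yes enters privileged mode before the line is applied
     ios_config:
       authorize: yes
       lines:
         - access-list 99 permit 172.16.1.100

   - name: Verify ACL is present
     # Run the show command and wait until its output contains the new entry
     ios_command:
       commands:
         - sh access-l
       waitfor:
         - result[0] contains 'permit 172.16.1.100'

   - name: SAVE CONFIG
     # Save the configuration so the change survives a reload
     ios_config:
       authorize: yes
       save: yes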

This is a very simple play that is self-explanatory just by reading the YAML.

It configures a line in an access list using the IOS_Config module, then verifies that the line is there using the ios_command module, and finally saves the config using the IOS_Config module again.
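The verify task's `contains` condition is a plain substring match over the whole `sh access-l` output, so it also passes when the same text sits in a different ACL or is the start of a wider wildcard entry. As an added example (not part of the original post or the author's repository), this Python code parses the output and checks for an exact host permit in ACL 99; the sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `show access-lists` output (not captured from a real device).
SAMPLE_OUTPUT = """\
Standard IP access list 10
    10 permit 172.16.1.100, wildcard bits 0.0.0.3
Standard IP access list 99
    10 permit 172.16.1.100
    20 deny   any
Extended IP access list 110
    10 permit ip host 172.16.1.100 any
"""

HEADER = re.compile(r"^(Standard|Extended) IP access list (\S+)")
# Standard entry: optional sequence number, action, source,
# optional wildcard mask, optional "(N matches)" hit counter.
ENTRY = re.compile(
    r"^\s+(?:\d+\s+)?(permit|deny)\s+(\S+?)"
    r"(?:, wildcard bits (\S+))?(?:\s+\(.*\))?\s*$"
)


def parse_standard_acls(output):
    """Return {acl_name: [(action, source, wildcard_or_None), ...]}."""
    acls, current = {}, None
    for line in output.splitlines():
        header = HEADER.match(line)
        if header:
            kind, name = header.groups()
            # Only collect entries that belong to standard ACLs.
            current = acls.setdefault(name, []) if kind == "Standard" else None
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            current.append(entry.groups())
    return acls


def acl_permits_host(output, acl, host):
    """True only if `acl` holds an exact host permit for `host` (no wildcard)."""
    return ("permit", host, None) in parse_standard_acls(output).get(acl, [])


def substring_check(output, text):
    """Same test as the playbook's `result[0] contains '...'` condition."""
    return text in output
```
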

Note: This playbook was written in Ansible 2.3. The latest version, 2.4, has another parameter in the IOS_Config module called save_when. This can be set to always / never / modified, so the config can be saved only when it was modified.

The playbook is available on my GitHub – https://github.com/rogerperkin/playbooks


Comments

  1. Fabian martinez

    February 26, 2018 at 7:46 pm

    Hi Roger,

    Does your course cover setting up ansible on a mac? I recently installed ansible on my mac and would love some help on getting this going.

    Thanks

    • Roger Perkin

      February 27, 2018 at 1:11 pm

      Fabian,

      My course covers using Ansible for Network Automation. It does not matter if you are running it from a Mac or a Linux host; all the playbooks, operation and folder structures will be the same.

      All you need to operate Ansible is to be able to SSH to your target devices.

      HTH

  2. kiborg

    April 8, 2018 at 1:35 am

    I made a script for backup, but I am having trouble with SSH to a Cisco switch.
    I’ve tried many different options but no success. I am able to SSH from my Ansible server and I have the key stored in .ssh/known_hosts, but my log says “connecting to host returned an error”
    “Bad authentication type”… Any idea how to resolve this?

    • Roger Perkin

      April 8, 2018 at 9:54 pm

      Can you post your playbook, and also run the playbook with -vvv at the end and post that as well?

Copyright © 2021 · Roger Perkin · All Rights Reserved · Powered by Mai Theme