├── .gitignore
├── archive
│   ├── 0.x-code
│   │   ├── devices_file
│   │   ├── config_file
│   │   ├── main-1.4.py
│   │   ├── main-1.5.py
│   │   ├── main-1.6.py
│   │   ├── main-2.3.py
│   │   ├── main-2.1.py
│   │   ├── main-2.4.py
│   │   ├── main-2.6.py
│   │   └── my_devices.py
│   ├── 1.x-code
│   │   ├── .DS_Store
│   │   ├── _router_1.py
│   │   ├── _router_2.py
│   │   ├── _core.py
│   │   ├── _access.py
│   │   └── _all_devices.py
│   ├── workflows
│   │   ├── desktop.yml
│   │   ├── core-config-change.yml
│   │   ├── core-commit-push.yml
│   │   ├── router_1-config-change.yml
│   │   ├── router_2-config-change.yml
│   │   ├── access-config-change.yml
│   │   ├── router_1-commit-push.yml
│   │   ├── router_2-commit-push.yml
│   │   ├── access-commit-push.yml
│   │   ├── core.yaml
│   │   ├── router_1.yaml
│   │   ├── router_2.yaml
│   │   └── access.yaml
│   └── Scripts
│       ├── __core.sh
│       ├── __router_1.sh
│       ├── __router_2.sh
│       └── __access.sh
├── diagram-network-automation-github-actions.png
├── .github
│   └── workflows
│       ├── core.yaml
│       ├── router_1.yaml
│       ├── router_2.yaml
│       └── access.yaml
├── _access.sh
├── _core.sh
├── _router_1.sh
├── _router_2.sh
├── config_file_desktop_switch
├── config_file_router_2
├── config_file_router_1
├── README.md
├── config_file_access_switch
├── config_file_core_switch
└── diagram-network-automation-github-actions.drawio

/.gitignore:
--------------------------------------------------------------------------------
.DS_Store
archive/.DS_Store

--------------------------------------------------------------------------------
/archive/0.x-code/devices_file:
--------------------------------------------------------------------------------
172.29.67.110
172.29.67.111
172.29.67.112
172.29.67.113
172.29.67.114
--------------------------------------------------------------------------------
/archive/1.x-code/.DS_Store:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdmoney/network-automation-github-actions/HEAD/archive/1.x-code/.DS_Store
--------------------------------------------------------------------------------
/diagram-network-automation-github-actions.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gdmoney/network-automation-github-actions/HEAD/diagram-network-automation-github-actions.png
--------------------------------------------------------------------------------
/archive/0.x-code/config_file:
--------------------------------------------------------------------------------
no alias exec i show ip route
no alias exec ii show ip interface brief
no alias exec i* clear ip route *
no username test secret blahblahblah
--------------------------------------------------------------------------------
/archive/0.x-code/main-1.4.py:
--------------------------------------------------------------------------------
# pip install netmiko

from netmiko import ConnectHandler
from my_devices_2 import device_list as devices

with open('config_file') as f:
    config_list = f.read().splitlines()

for a_device in devices:
    session = ConnectHandler(**a_device)
    output = session.send_config_set(config_list)
    output += session.save_config()
    print (output)
--------------------------------------------------------------------------------
/archive/workflows/desktop.yml:
--------------------------------------------------------------------------------
name: desktop switch

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_desktop_switch'
  workflow_dispatch:

jobs:
  deploy:
    runs-on: [self-hosted, linux]
    steps:
      - name: Run
        run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          cd ..
--------------------------------------------------------------------------------
/archive/workflows/core-config-change.yml:
--------------------------------------------------------------------------------
name: core switch - config change detected workflow

on:
  issues:
    types:
      - labeled

jobs:
  run_if_label_matches:
    if: github.event.label.name == 'core'
    runs-on: [self-hosted, linux]
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_core.sh
          cd ..
--------------------------------------------------------------------------------
/archive/workflows/core-commit-push.yml:
--------------------------------------------------------------------------------
name: core switch - config push workflow

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_core_switch'
  workflow_dispatch:

jobs:
  deploy:
    runs-on: [self-hosted, linux]
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_core.sh
          cd ..

--------------------------------------------------------------------------------
/archive/workflows/router_1-config-change.yml:
--------------------------------------------------------------------------------
name: router_1 - config change detected workflow

on:
  issues:
    types:
      - labeled

jobs:
  run_if_label_matches:
    if: github.event.label.name == 'router_1'
    runs-on: [self-hosted, linux]
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_router_1.sh
          cd ..
--------------------------------------------------------------------------------
/archive/workflows/router_2-config-change.yml:
--------------------------------------------------------------------------------
name: router_2 - config change detected workflow

on:
  issues:
    types:
      - labeled

jobs:
  run_if_label_matches:
    if: github.event.label.name == 'router_2'
    runs-on: [self-hosted, linux]
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_router_2.sh
          cd ..
--------------------------------------------------------------------------------
/archive/workflows/access-config-change.yml:
--------------------------------------------------------------------------------
name: access switch - config change detected workflow

on:
  issues:
    types:
      - labeled

jobs:
  run_if_label_matches:
    if: github.event.label.name == 'access'
    runs-on: [self-hosted, linux]
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_access.sh
          cd ..

--------------------------------------------------------------------------------
/archive/workflows/router_1-commit-push.yml:
--------------------------------------------------------------------------------
name: router_1 - commit push workflow

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_router_1'
  workflow_dispatch:

jobs:
  deploy:
    runs-on: [self-hosted, linux]
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_router_1.sh
          cd ..
--------------------------------------------------------------------------------
/archive/workflows/router_2-commit-push.yml:
--------------------------------------------------------------------------------
name: router_2 - commit push workflow

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_router_2'
  workflow_dispatch:

jobs:
  deploy:
    runs-on: [self-hosted, linux]
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_router_2.sh
          cd ..

--------------------------------------------------------------------------------
/archive/workflows/access-commit-push.yml:
--------------------------------------------------------------------------------
name: access switch - commit push workflow

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_access_switch'
  workflow_dispatch:

jobs:
  deploy:
    runs-on: [self-hosted, linux]
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_access.sh
          cd ..
--------------------------------------------------------------------------------
/archive/0.x-code/main-1.5.py:
--------------------------------------------------------------------------------
# pip install netmiko

from netmiko import ConnectHandler
from my_devices_2 import device_list as devices

with open('C:/Users/gdavitiani/Documents/GitHub/network-automation-github-actions/config_file') as f:
    config_list = f.read().splitlines()

for a_device in devices:
    session = ConnectHandler(**a_device)
    output = session.send_config_set(config_list)
    output += session.save_config()
    # print (output)
--------------------------------------------------------------------------------
/archive/0.x-code/main-1.6.py:
--------------------------------------------------------------------------------
# apt install python3-pip
# sudo pip3 install --upgrade pip
# sudo pip3 install netmiko

from netmiko import ConnectHandler
from my_devices_2 import device_list as devices

with open('config_file') as f:
    config_list = f.read().splitlines()

for a_device in devices:
    session = ConnectHandler(**a_device)
    output = session.send_config_set(config_list)
    output += session.save_config()
    # print (output)
--------------------------------------------------------------------------------
/archive/0.x-code/main-2.3.py:
--------------------------------------------------------------------------------
# pip install netmiko

import threading
from netmiko import ConnectHandler
from my_devices_2 import device_list as devices

def task(a_device):
    with open('config_file') as f:
        config_list = f.read().splitlines()

    session = ConnectHandler(**a_device)
    output = session.send_config_set(config_list)
    # print (output)

def main():
    for a_device in devices:
        my_thread = threading.Thread(target=task, args=(a_device,))
        my_thread.start()

    main_thread = threading.currentThread()
    for some_thread in threading.enumerate():
        if some_thread != main_thread:
            print(some_thread)
            some_thread.join()

if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/archive/workflows/core.yaml:
--------------------------------------------------------------------------------
name: core switch workflows

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_core_switch'
  issues:
    types:
      - labeled
  workflow_dispatch:

jobs:
  deploy-on-push:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'push'
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_core.sh
          cd ..

  deploy-on-label:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'issues' && github.event.label.name == 'core'
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_core.sh
          cd ..
--------------------------------------------------------------------------------
/archive/workflows/router_1.yaml:
--------------------------------------------------------------------------------
name: router_1 workflows

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_router_1'
  issues:
    types:
      - labeled
  workflow_dispatch:

jobs:
  deploy-on-push:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'push'
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_router_1.sh
          cd ..

  deploy-on-label:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'issues' && github.event.label.name == 'router_1'
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_router_1.sh
          cd ..
--------------------------------------------------------------------------------
/archive/workflows/router_2.yaml:
--------------------------------------------------------------------------------
name: router_2 workflows

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_router_2'
  issues:
    types:
      - labeled
  workflow_dispatch:

jobs:
  deploy-on-push:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'push'
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_router_2.sh
          cd ..

  deploy-on-label:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'issues' && github.event.label.name == 'router_2'
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_router_2.sh
          cd ..
--------------------------------------------------------------------------------
/archive/workflows/access.yaml:
--------------------------------------------------------------------------------
name: access switch workflows

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_access_switch'
  issues:
    types:
      - labeled
  workflow_dispatch:

jobs:
  deploy-on-push:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'push'
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_access.sh
          cd ..

  deploy-on-label:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'issues' && github.event.label.name == 'access'
    steps:
      - run: |
          cd /home/siteadmin/actions-runner/network-automation-github-actions
          git pull
          ./_access.sh
          cd ..

--------------------------------------------------------------------------------
/archive/0.x-code/main-2.1.py:
--------------------------------------------------------------------------------
# pip install netmiko

import threading
from netmiko import ConnectHandler
from my_devices_2 import device_list as devices

def task(a_device):
    with open('config_file') as f:
        config_list = f.read().splitlines()

    session = ConnectHandler(**a_device)
    output = session.send_config_set(config_list)
    # output = session.send_command('write mem') // send a single global command instead
    # print (output)

def main():
    for a_device in devices:
        my_thread = threading.Thread(target=task, args=(a_device,))
        my_thread.start()

    main_thread = threading.currentThread()
    for some_thread in threading.enumerate():
        if some_thread != main_thread:
            print(some_thread)
            some_thread.join()

if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/archive/0.x-code/main-2.4.py:
--------------------------------------------------------------------------------
# pip install netmiko

import threading
from netmiko import ConnectHandler
from my_devices_2 import device_list as devices

def task(a_device):
    with open('C:/Users/gdavitiani/Documents/GitHub/network-automation-github-actions/config_file') as f:
        config_list = f.read().splitlines()

    session = ConnectHandler(**a_device)
    output = session.send_config_set(config_list)
    output += session.save_config()
    # print (output)

def main():
    for a_device in devices:
        my_thread = threading.Thread(target=task, args=(a_device,))
        my_thread.start()

    main_thread = threading.currentThread()
    for some_thread in threading.enumerate():
        if some_thread != main_thread:
            print(some_thread)
            some_thread.join()

if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/archive/Scripts/__core.sh:
--------------------------------------------------------------------------------
#!/bin/bash

curl -X 'POST' \
  'http://192.168.255.5:8085/api/v3/jobs/push' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.SENSdIUM5ZI7BwHH7mVw2cHyZwMzSQCngz0CNBcyAuU' \
  -H 'Content-Type: application/json' \
  -d '{
  "commands": [
    "config replace tftp://172.18.0.2/config_file_core_switch force",
    "write memory"
  ],
  "requireEnableMode": true,
  "requireConfigureMode": false,
  "tagUuids": [
    "b541b2fe-1f65-4cfb-b830-d606d0a732ae"
  ],
  "advancedSettings": {
    "promptMatchingModeEnum": "LEARNING",
    "overrideTimeouts": false,
    "timeout": 0,
    "overrideCredentials": false,
    "username": "string",
    "password": "string",
    "enablePassword": "string",
    "configurePassword": "string"
  }
}'

--------------------------------------------------------------------------------
/archive/Scripts/__router_1.sh:
--------------------------------------------------------------------------------
#!/bin/bash

curl -X 'POST' \
  'http://192.168.255.5:8085/api/v3/jobs/push' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.SENSdIUM5ZI7BwHH7mVw2cHyZwMzSQCngz0CNBcyAuU' \
  -H 'Content-Type: application/json' \
  -d '{
  "commands": [
    "config replace tftp://172.18.0.2/config_file_router_1 force",
    "write memory"
  ],
  "requireEnableMode": true,
  "requireConfigureMode": false,
  "tagUuids": [
    "6a31a8fd-eea7-430a-a126-25d00a3e5928"
  ],
  "advancedSettings": {
    "promptMatchingModeEnum": "LEARNING",
    "overrideTimeouts": false,
    "timeout": 0,
    "overrideCredentials": false,
    "username": "string",
    "password": "string",
    "enablePassword": "string",
    "configurePassword": "string"
  }
}'

--------------------------------------------------------------------------------
/archive/Scripts/__router_2.sh:
--------------------------------------------------------------------------------
#!/bin/bash

curl -X 'POST' \
  'http://192.168.255.5:8085/api/v3/jobs/push' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.SENSdIUM5ZI7BwHH7mVw2cHyZwMzSQCngz0CNBcyAuU' \
  -H 'Content-Type: application/json' \
  -d '{
  "commands": [
    "config replace tftp://172.18.0.2/config_file_router_2 force",
    "write memory"
  ],
  "requireEnableMode": true,
  "requireConfigureMode": false,
  "tagUuids": [
    "27ac3847-ddcf-4109-9984-544fbb52a80f"
  ],
  "advancedSettings": {
    "promptMatchingModeEnum": "LEARNING",
    "overrideTimeouts": false,
    "timeout": 0,
    "overrideCredentials": false,
    "username": "string",
    "password": "string",
    "enablePassword": "string",
    "configurePassword": "string"
  }
}'

--------------------------------------------------------------------------------
/.github/workflows/core.yaml:
--------------------------------------------------------------------------------
name: core switch workflow

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_core_switch'
  issues:
    types:
      - labeled
  workflow_dispatch:

env:
  REPO_PATH: /home/siteadmin/actions-runner/network-automation-github-actions

permissions:
  contents: read
  pull-requests: write

jobs:
  deploy:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'push' || (github.event_name == 'issues' && github.event.label.name == 'core')
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Pull latest changes and run the 'core' script
        env:
          AUTH_TOKEN: ${{ secrets.API_AUTH_TOKEN }}
        run: |
          git pull
          ./_core.sh
        working-directory: ${{ env.REPO_PATH }}

--------------------------------------------------------------------------------
/archive/0.x-code/main-2.6.py:
--------------------------------------------------------------------------------
# apt install python3-pip
# sudo pip3 install --upgrade pip
# sudo pip3 install netmiko

import threading
from netmiko import ConnectHandler
from my_devices_2 import device_list as devices

def task(a_device):
    with open('config_file') as f:
        config_list = f.read().splitlines()

    session = ConnectHandler(**a_device)
    output = session.send_config_set(config_list)
    output += session.save_config()
    # print (output)

def main():
    for a_device in devices:
        my_thread = threading.Thread(target=task, args=(a_device,))
        my_thread.start()

    main_thread = threading.currentThread()
    for some_thread in threading.enumerate():
        if some_thread != main_thread:
            print(some_thread)
            some_thread.join()

if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/archive/Scripts/__access.sh:
--------------------------------------------------------------------------------
#!/bin/bash

curl -X 'POST' \
  'http://192.168.255.5:8085/api/v3/jobs/push' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhdXRoMCJ9.SENSdIUM5ZI7BwHH7mVw2cHyZwMzSQCngz0CNBcyAuU' \
  -H 'Content-Type: application/json' \
  -d '{
  "commands": [
    "config replace tftp://172.18.0.2/config_file_access_switch force",
    "write memory"
  ],
  "requireEnableMode": true,
  "requireConfigureMode": false,
  "tagUuids": [
    "b29da665-3147-4790-a775-ac8ed583231b"
  ],
  "advancedSettings": {
    "promptMatchingModeEnum": "LEARNING",
    "overrideTimeouts": false,
    "timeout": 0,
    "overrideCredentials": false,
    "username": "string",
    "password": "string",
    "enablePassword": "string",
    "configurePassword": "string"
  }
}'

--------------------------------------------------------------------------------
/.github/workflows/router_1.yaml:
--------------------------------------------------------------------------------
name: router_1 workflow

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_router_1'
  issues:
    types:
      - labeled
  workflow_dispatch:

env:
  REPO_PATH: /home/siteadmin/actions-runner/network-automation-github-actions

permissions:
  contents: read
  pull-requests: write

jobs:
  deploy:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'push' || (github.event_name == 'issues' && github.event.label.name == 'router_1')
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Pull latest changes and run the 'router_1' script
        env:
          AUTH_TOKEN: ${{ secrets.API_AUTH_TOKEN }}
        run: |
          git pull
          ./_router_1.sh
        working-directory: ${{ env.REPO_PATH }}

--------------------------------------------------------------------------------
/.github/workflows/router_2.yaml:
--------------------------------------------------------------------------------
name: router_2 workflow

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_router_2'
  issues:
    types:
      - labeled
  workflow_dispatch:

env:
  REPO_PATH: /home/siteadmin/actions-runner/network-automation-github-actions

permissions:
  contents: read
  pull-requests: write

jobs:
  deploy:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'push' || (github.event_name == 'issues' && github.event.label.name == 'router_2')
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Pull latest changes and run the 'router_2' script
        env:
          AUTH_TOKEN: ${{ secrets.API_AUTH_TOKEN }}
        run: |
          git pull
          ./_router_2.sh
        working-directory: ${{ env.REPO_PATH }}

--------------------------------------------------------------------------------
/archive/1.x-code/_router_1.py:
--------------------------------------------------------------------------------
import threading
from netmiko import ConnectHandler
from _all_devices import router_1 as devices

def task(a_device):
    # with open('config_file_router_1') as f:
    #     config_list = f.read().splitlines()

    session = ConnectHandler(**a_device)
    # output = session.send_config_set(config_list)
    output = session.send_command('config replace tftp://172.17.0.2/config_file_router_1 force')
    output += session.save_config()
    # print (output)

def main():
    for a_device in devices:
        my_thread = threading.Thread(target=task, args=(a_device,))
        my_thread.start()

    main_thread = threading.current_thread()
    for some_thread in threading.enumerate():
        if some_thread != main_thread:
            print(some_thread)
            some_thread.join()

if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/archive/1.x-code/_router_2.py:
--------------------------------------------------------------------------------
import threading
from netmiko import ConnectHandler
from _all_devices import router_2 as devices

def task(a_device):
    # with open('config_file_router_2') as f:
    #     config_list = f.read().splitlines()

    session = ConnectHandler(**a_device)
    # output = session.send_config_set(config_list)
    output = session.send_command('config replace tftp://172.17.0.2/config_file_router_2 force')
    output += session.save_config()
    # print (output)

def main():
    for a_device in devices:
        my_thread = threading.Thread(target=task, args=(a_device,))
        my_thread.start()

    main_thread = threading.current_thread()
    for some_thread in threading.enumerate():
        if some_thread != main_thread:
            print(some_thread)
            some_thread.join()

if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/.github/workflows/access.yaml:
--------------------------------------------------------------------------------
name: access switch workflow

on:
  push:
    branches:
      - main
    paths:
      - 'config_file_access_switch'
  issues:
    types:
      - labeled
  workflow_dispatch:

env:
  REPO_PATH: /home/siteadmin/actions-runner/network-automation-github-actions

permissions:
  contents: read
  pull-requests: write

jobs:
  deploy:
    runs-on: [self-hosted, linux]
    if: github.event_name == 'push' || (github.event_name == 'issues' && github.event.label.name == 'access')
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Pull latest changes and run the 'access' script
        env:
          AUTH_TOKEN: ${{ secrets.API_AUTH_TOKEN }}
        run: |
          git pull
          ./_access.sh
        working-directory: ${{ env.REPO_PATH }}

--------------------------------------------------------------------------------
/archive/1.x-code/_core.py:
--------------------------------------------------------------------------------
import threading
from netmiko import ConnectHandler
from _all_devices import core_switch as devices

def task(a_device):
    # with open('config_file_core_switch') as f:
    #     config_list = f.read().splitlines()

    session = ConnectHandler(**a_device)
    # output = session.send_config_set(config_list)
    output = session.send_command('config replace tftp://172.17.0.2/config_file_core_switch force')
    output += session.save_config()
    # print (output)

def main():
    for a_device in devices:
        my_thread = threading.Thread(target=task, args=(a_device,))
        my_thread.start()

    main_thread = threading.current_thread()
    for some_thread in threading.enumerate():
        if some_thread != main_thread:
            print(some_thread)
            some_thread.join()

if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/archive/1.x-code/_access.py:
--------------------------------------------------------------------------------
import threading
from netmiko import ConnectHandler
from _all_devices import access_switches as devices

def task(a_device):
    # with open('config_replace_access_switch') as f:
    #     config_replace = f.read().splitlines()

    session = ConnectHandler(**a_device)
    # output = session.send_config_set(config_replace)
    output = session.send_command('config replace tftp://172.17.0.2/config_file_access_switch force')
    output += session.save_config()
    # print (output)

def main():
    for a_device in devices:
        my_thread = threading.Thread(target=task, args=(a_device,))
        my_thread.start()

    main_thread = threading.current_thread()
    for some_thread in threading.enumerate():
        if some_thread != main_thread:
            print(some_thread)
            some_thread.join()

if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/archive/0.x-code/my_devices.py:
--------------------------------------------------------------------------------
from getpass import getpass

username = input('Enter your username: ')
password = getpass()

ROUTER_1 = {
    'device_type': 'cisco_ios',
    'ip': '172.29.67.110',
    'username': username,
    'password': password,
}

ROUTER_2 = {
    'device_type': 'cisco_ios',
    'ip': '172.29.67.111',
    'username': username,
    'password': password,
}

ROUTER_3 = {
    'device_type': 'cisco_ios',
    'ip': '172.29.67.112',
    'username': username,
    'password': password,
}

ROUTER_4 = {
    'device_type': 'cisco_ios',
    'ip': '172.29.67.113',
    'username': username,
    'password': password,
}

ROUTER_5 = {
    'device_type': 'cisco_ios',
    'ip': '172.29.67.114',
    'username': username,
    'password': password,
}

device_list = [
    ROUTER_1,
    ROUTER_2,
    ROUTER_3,
    ROUTER_4,
    ROUTER_5,
]
--------------------------------------------------------------------------------
/_access.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Variables
API_URL="http://192.168.255.5:8085/api/v3/jobs/push"
AUTH_TOKEN="${AUTH_TOKEN}"
TAG_UUID="b29da665-3147-4790-a775-ac8ed583231b"

# Lookup server's IP address
TFTP_SERVER_HOSTNAME="ubuntu"
TFTP_SERVER_IP=$(getent hosts "${TFTP_SERVER_HOSTNAME}" | awk '{ print $1 }')

if [ -z "$TFTP_SERVER_IP" ]; then
  echo "Could not resolve IP address for ${TFTP_SERVER_HOSTNAME}"
  exit 1
fi

COMMAND1="config replace tftp://${TFTP_SERVER_IP}/config_file_access_switch force"
COMMAND2="write memory"
USERNAME="string"
PASSWORD="string"
ENABLE_PASSWORD="string"
CONFIGURE_PASSWORD="string" 23 | 24 | # Curl command 25 | curl -X 'POST' ${API_URL} \ 26 | -H 'accept: application/json' \ 27 | -H "Authorization: ${AUTH_TOKEN}" \ 28 | -H 'Content-Type: application/json' \ 29 | -d "{ 30 | \"commands\": [ 31 | \"${COMMAND1}\", 32 | \"${COMMAND2}\" 33 | ], 34 | \"requireEnableMode\": true, 35 | \"requireConfigureMode\": false, 36 | \"tagUuids\": [ 37 | \"${TAG_UUID}\" 38 | ], 39 | \"advancedSettings\": { 40 | \"promptMatchingModeEnum\": \"LEARNING\", 41 | \"overrideTimeouts\": false, 42 | \"timeout\": 0, 43 | \"overrideCredentials\": false, 44 | \"username\": \"${USERNAME}\", 45 | \"password\": \"${PASSWORD}\", 46 | \"enablePassword\": \"${ENABLE_PASSWORD}\", 47 | \"configurePassword\": \"${CONFIGURE_PASSWORD}\" 48 | } 49 | }" 50 | -------------------------------------------------------------------------------- /_core.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Variables 4 | API_URL="http://192.168.255.5:8085/api/v3/jobs/push" 5 | AUTH_TOKEN="${AUTH_TOKEN}" 6 | TAG_UUID="b541b2fe-1f65-4cfb-b830-d606d0a732ae" 7 | 8 | # Lookup server's IP address 9 | TFTP_SERVER_HOSTNAME="ubuntu" 10 | TFTP_SERVER_IP=$(getent hosts "${TFTP_SERVER_HOSTNAME}" | awk '{ print $1 }') 11 | 12 | if [ -z "$TFTP_SERVER_IP" ]; then 13 | echo "Could not resolve IP address for ${TFTP_SERVER_HOSTNAME}" 14 | exit 1 15 | fi 16 | 17 | COMMAND1="config replace tftp://${TFTP_SERVER_IP}/config_file_core_switch force" 18 | COMMAND2="write memory" 19 | USERNAME="string" 20 | PASSWORD="string" 21 | ENABLE_PASSWORD="string" 22 | CONFIGURE_PASSWORD="string" 23 | 24 | # Curl command 25 | curl -X 'POST' ${API_URL} \ 26 | -H 'accept: application/json' \ 27 | -H "Authorization: ${AUTH_TOKEN}" \ 28 | -H 'Content-Type: application/json' \ 29 | -d "{ 30 | \"commands\": [ 31 | \"${COMMAND1}\", 32 | \"${COMMAND2}\" 33 | ], 34 | \"requireEnableMode\": true, 35 | \"requireConfigureMode\": false, 36 | \"tagUuids\": [ 37 | 
\"${TAG_UUID}\" 38 | ], 39 | \"advancedSettings\": { 40 | \"promptMatchingModeEnum\": \"LEARNING\", 41 | \"overrideTimeouts\": false, 42 | \"timeout\": 0, 43 | \"overrideCredentials\": false, 44 | \"username\": \"${USERNAME}\", 45 | \"password\": \"${PASSWORD}\", 46 | \"enablePassword\": \"${ENABLE_PASSWORD}\", 47 | \"configurePassword\": \"${CONFIGURE_PASSWORD}\" 48 | } 49 | }" 50 | -------------------------------------------------------------------------------- /_router_1.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Variables 4 | API_URL="http://192.168.255.5:8085/api/v3/jobs/push" 5 | AUTH_TOKEN="${AUTH_TOKEN}" 6 | TAG_UUID="6a31a8fd-eea7-430a-a126-25d00a3e5928" 7 | 8 | # Lookup server's IP address 9 | TFTP_SERVER_HOSTNAME="ubuntu" 10 | TFTP_SERVER_IP=$(getent hosts "${TFTP_SERVER_HOSTNAME}" | awk '{ print $1 }') 11 | 12 | if [ -z "$TFTP_SERVER_IP" ]; then 13 | echo "Could not resolve IP address for ${TFTP_SERVER_HOSTNAME}" 14 | exit 1 15 | fi 16 | 17 | COMMAND1="config replace tftp://${TFTP_SERVER_IP}/config_file_router_1 force" 18 | COMMAND2="write memory" 19 | USERNAME="string" 20 | PASSWORD="string" 21 | ENABLE_PASSWORD="string" 22 | CONFIGURE_PASSWORD="string" 23 | 24 | # Curl command 25 | curl -X 'POST' ${API_URL} \ 26 | -H 'accept: application/json' \ 27 | -H "Authorization: ${AUTH_TOKEN}" \ 28 | -H 'Content-Type: application/json' \ 29 | -d "{ 30 | \"commands\": [ 31 | \"${COMMAND1}\", 32 | \"${COMMAND2}\" 33 | ], 34 | \"requireEnableMode\": true, 35 | \"requireConfigureMode\": false, 36 | \"tagUuids\": [ 37 | \"${TAG_UUID}\" 38 | ], 39 | \"advancedSettings\": { 40 | \"promptMatchingModeEnum\": \"LEARNING\", 41 | \"overrideTimeouts\": false, 42 | \"timeout\": 0, 43 | \"overrideCredentials\": false, 44 | \"username\": \"${USERNAME}\", 45 | \"password\": \"${PASSWORD}\", 46 | \"enablePassword\": \"${ENABLE_PASSWORD}\", 47 | \"configurePassword\": \"${CONFIGURE_PASSWORD}\" 48 | } 49 | }" 50 | 
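The push scripts in this repository splice shell variables directly into the JSON body and call curl without `--fail`, so a rejected request still exits 0 and the workflow job passes. As an added example (not part of the repository; the function names are hypothetical, the JSON keys and values are the ones in the page's scripts, and `API_URL` is assumed to come from the environment), the same request with escaped values, a validated TFTP address and file name, and a non-zero exit on HTTP errors:

```sh
#!/bin/sh
# Added example, not repository code. POSIX sh; function names are hypothetical.

# Escape a value for use inside a JSON string. Control characters are rejected
# rather than escaped: no command, file name or UUID here should contain them.
json_escape() {
    if [ "$(printf '%s' "$1" | tr -d '[:cntrl:]')" != "$1" ]; then
        echo "json_escape: control character in value" >&2
        return 1
    fi
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Succeed only for exactly one dotted-quad IPv4 address. Empty output and
# multi-line output from getent (several addresses) both fail here.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the request body for one device tag. Arguments: tag UUID, TFTP server
# address, config file name. Keys and fixed values match the page's scripts.
build_payload() {
    bp_tag=$1; bp_ip=$2; bp_file=$3
    is_ipv4 "$bp_ip" || { echo "build_payload: TFTP address is not a single IPv4 address" >&2; return 1; }
    case "$bp_file" in
        ''|.*|*[!A-Za-z0-9_.-]*) echo "build_payload: unexpected config file name" >&2; return 1 ;;
    esac
    bp_cmd1=$(json_escape "config replace tftp://${bp_ip}/${bp_file} force") || return 1
    bp_cmd2=$(json_escape "write memory") || return 1
    bp_tag=$(json_escape "$bp_tag") || return 1
    printf '{"commands":["%s","%s"],"requireEnableMode":true,"requireConfigureMode":false,"tagUuids":["%s"],' \
        "$bp_cmd1" "$bp_cmd2" "$bp_tag"
    printf '"advancedSettings":{"promptMatchingModeEnum":"LEARNING","overrideTimeouts":false,"timeout":0,'
    printf '"overrideCredentials":false,"username":"string","password":"string",'
    printf '"enablePassword":"string","configurePassword":"string"}}'
}

# Resolve the TFTP server, build the body and send it. Arguments: tag UUID,
# config file name, TFTP server hostname. Not called by this file.
# The page's scripts use an http:// URL, so the Authorization token crosses the
# network unencrypted unless the API is reachable over TLS.
push_config() {
    pc_tag=$1; pc_file=$2; pc_host=$3
    [ -n "${API_URL:-}" ] && [ -n "${AUTH_TOKEN:-}" ] || {
        echo "push_config: API_URL and AUTH_TOKEN must be set" >&2
        return 1
    }
    pc_ip=$(getent hosts "$pc_host" | awk '{ print $1 }')
    pc_body=$(build_payload "$pc_tag" "$pc_ip" "$pc_file") || return 1
    # --fail turns an HTTP 4xx/5xx response into a non-zero exit status.
    curl --fail --silent --show-error --max-time 30 -X POST "$API_URL" \
        -H 'accept: application/json' \
        -H "Authorization: ${AUTH_TOKEN}" \
        -H 'Content-Type: application/json' \
        --data "$pc_body"
}

# Constructed demo values (documentation address, all-zero UUID); prints only.
build_payload "00000000-0000-0000-0000-000000000000" "192.0.2.10" "config_file_core_switch"
echo
```

In a workflow step the call would be `push_config "$TAG_UUID" config_file_core_switch ubuntu`, with `AUTH_TOKEN` supplied from the runner's secrets as the existing scripts already expect.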
-------------------------------------------------------------------------------- /_router_2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Variables 4 | API_URL="http://192.168.255.5:8085/api/v3/jobs/push" 5 | AUTH_TOKEN="${AUTH_TOKEN}" 6 | TAG_UUID="27ac3847-ddcf-4109-9984-544fbb52a80f" 7 | 8 | # Lookup server's IP address 9 | TFTP_SERVER_HOSTNAME="ubuntu" 10 | TFTP_SERVER_IP=$(getent hosts "${TFTP_SERVER_HOSTNAME}" | awk '{ print $1 }') 11 | 12 | if [ -z "$TFTP_SERVER_IP" ]; then 13 | echo "Could not resolve IP address for ${TFTP_SERVER_HOSTNAME}" 14 | exit 1 15 | fi 16 | 17 | COMMAND1="config replace tftp://${TFTP_SERVER_IP}/config_file_router_2 force" 18 | COMMAND2="write memory" 19 | USERNAME="string" 20 | PASSWORD="string" 21 | ENABLE_PASSWORD="string" 22 | CONFIGURE_PASSWORD="string" 23 | 24 | # Curl command 25 | curl -X 'POST' ${API_URL} \ 26 | -H 'accept: application/json' \ 27 | -H "Authorization: ${AUTH_TOKEN}" \ 28 | -H 'Content-Type: application/json' \ 29 | -d "{ 30 | \"commands\": [ 31 | \"${COMMAND1}\", 32 | \"${COMMAND2}\" 33 | ], 34 | \"requireEnableMode\": true, 35 | \"requireConfigureMode\": false, 36 | \"tagUuids\": [ 37 | \"${TAG_UUID}\" 38 | ], 39 | \"advancedSettings\": { 40 | \"promptMatchingModeEnum\": \"LEARNING\", 41 | \"overrideTimeouts\": false, 42 | \"timeout\": 0, 43 | \"overrideCredentials\": false, 44 | \"username\": \"${USERNAME}\", 45 | \"password\": \"${PASSWORD}\", 46 | \"enablePassword\": \"${ENABLE_PASSWORD}\", 47 | \"configurePassword\": \"${CONFIGURE_PASSWORD}\" 48 | } 49 | }" 50 | -------------------------------------------------------------------------------- /archive/1.x-code/_all_devices.py: -------------------------------------------------------------------------------- 1 | import keyring 2 | 3 | username = 'siteadmin' 4 | password = keyring.get_password('cisco', 'siteadmin') 5 | 6 | ROUTER_1 = { 7 | 'device_type': 'cisco_ios', 8 | 'ip': '192.168.254.1', 9 
| 'username': username, 10 | 'password': password, 11 | 'default_enter': '\r\n' 12 | } 13 | 14 | ROUTER_2 = { 15 | 'device_type': 'cisco_ios', 16 | 'ip': '192.168.254.5', 17 | 'username': username, 18 | 'password': password, 19 | 'default_enter': '\r\n' 20 | } 21 | 22 | SWITCH_CORE = { 23 | 'device_type': 'cisco_ios', 24 | 'ip': '192.168.255.1', 25 | 'username': username, 26 | 'password': password, 27 | 'default_enter': '\r\n' 28 | } 29 | 30 | SWITCH_ACCESS_1 = { 31 | 'device_type': 'cisco_ios', 32 | 'ip': '192.168.255.11', 33 | 'username': username, 34 | 'password': password, 35 | 'default_enter': '\r\n' 36 | } 37 | 38 | SWITCH_ACCESS_2 = { 39 | 'device_type': 'cisco_ios', 40 | 'ip': '192.168.255.12', 41 | 'username': username, 42 | 'password': password, 43 | 'default_enter': '\r\n' 44 | } 45 | 46 | SWITCH_ACCESS_3 = { 47 | 'device_type': 'cisco_ios', 48 | 'ip': '192.168.255.13', 49 | 'username': username, 50 | 'password': password, 51 | 'default_enter': '\r\n' 52 | } 53 | 54 | SWITCH_ACCESS_4 = { 55 | 'device_type': 'cisco_ios', 56 | 'ip': '192.168.255.14', 57 | 'username': username, 58 | 'password': password, 59 | 'default_enter': '\r\n' 60 | } 61 | 62 | SWITCH_ACCESS_5 = { 63 | 'device_type': 'cisco_ios', 64 | 'ip': '192.168.255.15', 65 | 'username': username, 66 | 'password': password, 67 | 'default_enter': '\r\n' 68 | } 69 | 70 | SWITCH_ACCESS_6 = { 71 | 'device_type': 'cisco_ios', 72 | 'ip': '192.168.255.16', 73 | 'username': username, 74 | 'password': password, 75 | 'default_enter': '\r\n' 76 | } 77 | 78 | router_1 = [ROUTER_1] 79 | 80 | router_2 = [ROUTER_2] 81 | 82 | core_switch = [SWITCH_CORE] 83 | 84 | access_switches = [ 85 | SWITCH_ACCESS_1, 86 | SWITCH_ACCESS_2, 87 | SWITCH_ACCESS_3, 88 | SWITCH_ACCESS_4, 89 | SWITCH_ACCESS_5, 90 | SWITCH_ACCESS_6 91 | ] 92 | -------------------------------------------------------------------------------- /config_file_desktop_switch: -------------------------------------------------------------------------------- 1 | 
version 15.2 2 | no service pad 3 | service timestamps debug datetime msec localtime 4 | service timestamps log datetime msec localtime 5 | no service password-encryption 6 | ! 7 | hostname SWITCH_Desktop 8 | ! 9 | boot-start-marker 10 | boot-end-marker 11 | ! 12 | username siteadmin privilege 15 secret 5 $1$jdO0$npL69Z.0Xrelnv67Dj4hj1 13 | no aaa new-model 14 | ! 15 | clock timezone PST -8 0 16 | clock summer-time PDT recurring 17 | system mtu routing 1500 18 | ! 19 | ip domain-name event.tech 20 | login block-for 60 attempts 3 within 10 21 | login delay 3 22 | ! 23 | spanning-tree mode rapid-pvst 24 | spanning-tree extend system-id 25 | ! 26 | vlan internal allocation policy ascending 27 | ! 28 | lldp run 29 | ! 30 | interface GigabitEthernet0/1 31 | switchport access vlan 10 32 | switchport mode access 33 | spanning-tree portfast edge 34 | ! 35 | interface GigabitEthernet0/2 36 | switchport access vlan 10 37 | switchport mode access 38 | spanning-tree portfast edge 39 | ! 40 | interface GigabitEthernet0/3 41 | switchport access vlan 10 42 | switchport mode access 43 | spanning-tree portfast edge 44 | ! 45 | interface GigabitEthernet0/4 46 | switchport access vlan 10 47 | switchport mode access 48 | spanning-tree portfast edge 49 | ! 50 | interface GigabitEthernet0/5 51 | switchport access vlan 20 52 | switchport mode access 53 | spanning-tree portfast edge 54 | ! 55 | interface GigabitEthernet0/6 56 | switchport access vlan 20 57 | switchport mode access 58 | spanning-tree portfast edge 59 | ! 60 | interface GigabitEthernet0/7 61 | switchport access vlan 20 62 | switchport mode access 63 | spanning-tree portfast edge 64 | ! 65 | interface GigabitEthernet0/8 66 | switchport access vlan 20 67 | switchport mode access 68 | spanning-tree portfast edge 69 | ! 70 | interface GigabitEthernet0/9 71 | switchport mode trunk 72 | spanning-tree portfast edge 73 | ! 74 | interface GigabitEthernet0/10 75 | switchport mode trunk 76 | spanning-tree portfast edge 77 | ! 
78 | interface Vlan1 79 | ip address dhcp 80 | ! 81 | ip forward-protocol nd 82 | no ip http server 83 | no ip http secure-server 84 | ! 85 | ip ssh time-out 30 86 | ip ssh authentication-retries 2 87 | ip ssh version 2 88 | ! 89 | ip access-list standard SSH 90 | permit 192.168.255.0 0.0.0.255 91 | ! 92 | no vstack 93 | ! 94 | line con 0 95 | session-timeout 10 96 | logging synchronous 97 | login local 98 | transport preferred none 99 | transport output ssh 100 | line vty 0 4 101 | session-timeout 10 102 | access-class SSH in 103 | logging synchronous 104 | login local 105 | transport preferred ssh 106 | transport input ssh 107 | transport output ssh 108 | line vty 5 15 109 | session-timeout 10 110 | access-class SSH in 111 | logging synchronous 112 | login local 113 | transport preferred ssh 114 | transport input ssh 115 | transport output ssh 116 | ! 117 | ntp server time.cloudflare.com source vlan 1 118 | ! 119 | crypto key generate rsa modulus 2096 120 | ! 121 | end 122 | -------------------------------------------------------------------------------- /config_file_router_2: -------------------------------------------------------------------------------- 1 | version 17.9 2 | service timestamps debug datetime msec localtime 3 | service timestamps log datetime msec localtime 4 | service call-home 5 | service unsupported-transceiver 6 | platform qfp utilization monitor load 80 7 | platform punt-keepalive disable-kernel-core 8 | ! 9 | hostname ROUTER_2 10 | ! 11 | boot-start-marker 12 | boot system flash c8000be-universalk9.17.09.04a.SPA.bin 13 | boot-end-marker 14 | ! 15 | no aaa new-model 16 | clock timezone PST -8 0 17 | clock summer-time PDT recurring 18 | ! 19 | ip name-server 8.8.8.8 8.8.4.4 20 | ip domain lookup source-interface TenGigabitEthernet0/0/5 21 | ip domain name event.tech 22 | ! 23 | login block-for 60 attempts 3 within 10 24 | login delay 3 25 | login on-success log 26 | ! 27 | subscriber templating 28 | ! 29 | vtp version 1 30 | ! 
31 | multilink bundle-name authenticated 32 | ! 33 | flow record FlowRecord 34 | match ipv4 protocol 35 | match ipv4 source address 36 | match ipv4 destination address 37 | match transport destination-port 38 | match transport source-port 39 | collect counter bytes long 40 | collect counter packets long 41 | ! 42 | flow exporter FlowExporter 43 | destination 172.18.0.6 44 | source TenGigabitEthernet0/0/5 45 | transport udp 2055 46 | ! 47 | flow monitor FlowMonitor 48 | exporter FlowExporter 49 | cache timeout active 60 50 | record FlowRecord 51 | ! 52 | crypto pki trustpoint SLA-TrustPoint 53 | enrollment terminal 54 | revocation-check crl 55 | hash sha256 56 | ! 57 | crypto pki certificate chain SLA-TrustPoint 58 | ! 59 | crypto pki certificate pool 60 | ! 61 | license feature hseck9 62 | license udi pid C8300-1N1S-4T2X sn FLM2722116J 63 | license boot level network-advantage addon dna-advantage 64 | license smart transport smart 65 | ! 66 | archive 67 | path bootflash:config 68 | write-memory 69 | memory free low-watermark processor 69075 70 | ! 71 | diagnostic bootup level minimal 72 | ! 73 | spanning-tree extend system-id 74 | ! 75 | username siteadmin privilege 15 secret 9 $9$8BxcXuyWur86w.$cNQlzKnWV8hxAc0yAITmD.5Zf4ruzOSMpDbKok/2ZbM 76 | ! 77 | redundancy 78 | mode none 79 | ! 80 | track 1 ip sla 1 reachability 81 | delay down 3 up 30 82 | ! 83 | interface Loopback1 84 | description 1.1 85 | ip address 169.254.1.2 255.255.255.255 86 | ! 87 | interface GigabitEthernet0/0/0 88 | no ip address 89 | shutdown 90 | negotiation auto 91 | ! 92 | interface GigabitEthernet0/0/1 93 | no ip address 94 | shutdown 95 | negotiation auto 96 | ! 97 | interface GigabitEthernet0/0/2 98 | no ip address 99 | shutdown 100 | negotiation auto 101 | ! 102 | interface GigabitEthernet0/0/3 103 | no ip address 104 | shutdown 105 | negotiation auto 106 | ! 
107 | interface TenGigabitEthernet0/0/4 108 | description ISP_2 109 | bandwidth 1000000 110 | ip address 47.176.60.42 255.255.255.248 111 | ip nat outside 112 | load-interval 30 113 | no cdp enable 114 | ! 115 | interface TenGigabitEthernet0/0/5 116 | description CORE_SWITCH 117 | ip flow monitor FlowMonitor input 118 | ip address 192.168.254.5 255.255.255.252 119 | ip nat inside 120 | ip ospf network point-to-point 121 | negotiation auto 122 | ! 123 | interface TenGigabitEthernet0/1/0 124 | description ROUTER_1 125 | ip flow monitor FlowMonitor input 126 | ip address 192.168.254.14 255.255.255.252 127 | ip nat inside 128 | ip ospf network point-to-point 129 | negotiation auto 130 | ! 131 | router ospf 1 132 | router-id 169.254.1.2 133 | passive-interface default 134 | no passive-interface TenGigabitEthernet0/0/5 135 | no passive-interface TenGigabitEthernet0/1/0 136 | network 192.168.254.5 0.0.0.0 area 0 137 | network 192.168.254.14 0.0.0.0 area 0 138 | default-information originate metric 100 139 | ! 140 | no ip http server 141 | ip http authentication local 142 | no ip http secure-server 143 | ip http client source-interface TenGigabitEthernet0/0/5 144 | ip forward-protocol nd 145 | ip tftp source-interface TenGigabitEthernet0/0/5 146 | ! 147 | ip nat inside source list NAT_ACL interface TenGigabitEthernet0/0/4 overload 148 | ! 149 | ip route 0.0.0.0 0.0.0.0 47.176.60.41 track 1 150 | ip route 8.8.8.8 255.255.255.255 47.176.60.41 151 | ! 152 | ip ssh time-out 30 153 | ip ssh authentication-retries 2 154 | ip ssh version 2 155 | ip ssh client algorithm mac hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-etm@openssh.com 156 | ip ssh client algorithm encryption aes128-cbc aes128-ctr aes128-gcm aes192-cbc aes192-ctr aes256-cbc aes256-ctr aes256-gcm 157 | ip ssh client algorithm kex diffie-hellman-group14-sha1 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 158 | ! 
159 | ip access-list standard SSH 160 | 10 permit 192.168.255.0 0.0.0.255 161 | ! 162 | ip access-list extended NAT_ACL 163 | 10 permit ip 10.10.240.0 0.0.15.255 any 164 | 20 permit ip 10.20.240.0 0.0.15.255 any 165 | 25 deny ip host 192.168.255.5 10.10.8.0 0.0.7.255 166 | 30 permit ip 192.168.255.0 0.0.0.255 any 167 | 40 permit ip 192.168.254.0 0.0.0.255 any 168 | ! 169 | ip sla 1 170 | icmp-echo 8.8.8.8 source-ip 192.168.254.5 171 | threshold 3000 172 | timeout 3000 173 | frequency 3 174 | ip sla schedule 1 life forever start-time now 175 | ! 176 | snmp-server community H0ck3y RO 177 | ! 178 | control-plane 179 | ! 180 | mgcp behavior rsip-range tgcp-only 181 | mgcp behavior comedia-role none 182 | mgcp behavior comedia-check-media-src disable 183 | mgcp behavior comedia-sdp-force disable 184 | mgcp profile default 185 | ! 186 | line con 0 187 | session-timeout 20 188 | exec-timeout 20 0 189 | logging synchronous 190 | login local 191 | transport preferred none 192 | transport output ssh 193 | stopbits 1 194 | line aux 0 195 | stopbits 1 196 | line vty 0 4 197 | session-timeout 20 198 | access-class SSH in 199 | exec-timeout 20 0 200 | logging synchronous 201 | login local 202 | transport preferred ssh 203 | transport input ssh 204 | transport output ssh 205 | line vty 5 15 206 | session-timeout 20 207 | access-class SSH in 208 | exec-timeout 20 0 209 | logging synchronous 210 | login local 211 | transport preferred ssh 212 | transport input ssh 213 | transport output ssh 214 | ! 215 | call-home 216 | ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com 217 | ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications. 218 | contact-email-addr sch-smart-licensing@cisco.com 219 | source-interface TenGigabitEthernet0/0/5 220 | profile "CiscoTAC-1" 221 | active 222 | anonymous-reporting-only 223 | destination transport-method http 224 | ! 
225 | ntp server ip time.cloudflare.com source TenGigabitEthernet0/0/5 226 | ! 227 | end 228 | -------------------------------------------------------------------------------- /config_file_router_1: -------------------------------------------------------------------------------- 1 | version 17.12 2 | service timestamps debug datetime msec localtime 3 | service timestamps log datetime msec localtime 4 | service call-home 5 | service unsupported-transceiver 6 | platform qfp utilization monitor load 80 7 | platform punt-keepalive disable-kernel-core 8 | ! 9 | hostname ROUTER_1 10 | ! 11 | boot-start-marker 12 | boot system flash c8000be-universalk9_npe.17.12.03a.SPA.conf 13 | boot-end-marker 14 | ! 15 | no aaa new-model 16 | clock timezone PST -8 0 17 | clock summer-time PDT recurring 18 | ! 19 | ip name-server 8.8.8.8 8.8.4.4 20 | ip domain lookup source-interface TenGigabitEthernet0/0/5 21 | ip domain name event.tech 22 | ! 23 | login block-for 60 attempts 3 within 10 24 | login delay 3 25 | login on-success log 26 | ! 27 | subscriber templating 28 | ! 29 | vtp version 1 30 | ! 31 | multilink bundle-name authenticated 32 | ! 33 | flow record FlowRecord 34 | match ipv4 protocol 35 | match ipv4 source address 36 | match ipv4 destination address 37 | match transport destination-port 38 | match transport source-port 39 | collect counter bytes long 40 | collect counter packets long 41 | ! 42 | flow exporter FlowExporter 43 | destination 172.18.0.6 44 | source TenGigabitEthernet0/0/5 45 | transport udp 2055 46 | ! 47 | flow monitor FlowMonitor 48 | exporter FlowExporter 49 | cache timeout active 60 50 | record FlowRecord 51 | ! 52 | crypto pki trustpoint SLA-TrustPoint 53 | enrollment terminal 54 | revocation-check crl 55 | hash sha256 56 | ! 57 | crypto pki certificate chain SLA-TrustPoint 58 | ! 59 | crypto pki certificate pool 60 | ! 
61 | license feature hseck9 62 | license udi pid C8300-1N1S-4T2X sn FLM2715129A 63 | license boot level network-advantage addon dna-advantage 64 | license smart transport smart 65 | ! 66 | archive 67 | path bootflash:config 68 | write-memory 69 | memory free low-watermark processor 69075 70 | ! 71 | diagnostic bootup level minimal 72 | ! 73 | spanning-tree extend system-id 74 | ! 75 | username siteadmin privilege 15 secret 9 $9$8BxcXuyWur86w.$cNQlzKnWV8hxAc0yAITmD.5Zf4ruzOSMpDbKok/2ZbM 76 | ! 77 | redundancy 78 | mode none 79 | ! 80 | track 1 ip sla 1 reachability 81 | delay down 3 up 30 82 | ! 83 | interface Loopback1 84 | description 1.1 85 | ip address 169.254.1.1 255.255.255.255 86 | ! 87 | interface GigabitEthernet0/0/0 88 | no ip address 89 | shutdown 90 | negotiation auto 91 | ! 92 | interface GigabitEthernet0/0/1 93 | no ip address 94 | shutdown 95 | negotiation auto 96 | ! 97 | interface GigabitEthernet0/0/2 98 | no ip address 99 | shutdown 100 | negotiation auto 101 | ! 102 | interface GigabitEthernet0/0/3 103 | no ip address 104 | shutdown 105 | negotiation auto 106 | ! 107 | interface TenGigabitEthernet0/0/4 108 | description ISP_1 109 | bandwidth 5000000 110 | ip address 12.13.232.162 255.255.255.248 111 | ip nat outside 112 | load-interval 30 113 | no cdp enable 114 | ! 115 | interface TenGigabitEthernet0/0/5 116 | description CORE_SWITCH 117 | ip flow monitor FlowMonitor input 118 | ip address 192.168.254.1 255.255.255.252 119 | ip nat inside 120 | ip ospf network point-to-point 121 | negotiation auto 122 | ! 123 | interface TenGigabitEthernet0/1/0 124 | description ROUTER_2 125 | ip flow monitor FlowMonitor input 126 | ip address 192.168.254.13 255.255.255.252 127 | ip nat inside 128 | ip ospf network point-to-point 129 | negotiation auto 130 | ! 
131 | router ospf 1 132 | router-id 169.254.1.1 133 | passive-interface default 134 | no passive-interface TenGigabitEthernet0/0/5 135 | no passive-interface TenGigabitEthernet0/1/0 136 | network 192.168.254.1 0.0.0.0 area 0 137 | network 192.168.254.13 0.0.0.0 area 0 138 | default-information originate 139 | ! 140 | no ip http server 141 | ip http authentication local 142 | no ip http secure-server 143 | ip http client source-interface TenGigabitEthernet0/0/5 144 | ip forward-protocol nd 145 | ip tftp source-interface TenGigabitEthernet0/0/5 146 | ! 147 | ip nat inside source list NAT_ACL interface TenGigabitEthernet0/0/4 overload 148 | ! 149 | ip route 0.0.0.0 0.0.0.0 12.13.232.161 track 1 150 | ip route 8.8.8.8 255.255.255.255 12.13.232.161 151 | ! 152 | ip ssh time-out 30 153 | ip ssh authentication-retries 2 154 | ip ssh version 2 155 | ip ssh client algorithm mac hmac-sha2-256 hmac-sha2-256-etm@openssh.com hmac-sha2-512 hmac-sha2-512-etm@openssh.com 156 | ip ssh client algorithm encryption aes128-cbc aes128-ctr aes128-gcm aes192-cbc aes192-ctr aes256-cbc aes256-ctr aes256-gcm 157 | ip ssh client algorithm kex diffie-hellman-group14-sha1 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 158 | ! 159 | ip access-list standard SSH 160 | 10 permit 192.168.255.0 0.0.0.255 161 | ! 162 | ip access-list extended NAT_ACL 163 | 10 permit ip 10.10.240.0 0.0.15.255 any 164 | 20 permit ip 10.20.240.0 0.0.15.255 any 165 | 25 deny ip host 192.168.255.5 10.10.8.0 0.0.7.255 166 | 30 permit ip 192.168.255.0 0.0.0.255 any 167 | 40 permit ip 192.168.254.0 0.0.0.255 any 168 | ! 169 | ip sla 1 170 | icmp-echo 8.8.8.8 source-ip 192.168.254.1 171 | threshold 3000 172 | timeout 3000 173 | frequency 3 174 | ip sla schedule 1 life forever start-time now 175 | ! 176 | snmp-server community H0ck3y RO 177 | ! 178 | control-plane 179 | ! 
180 | mgcp behavior rsip-range tgcp-only 181 | mgcp behavior comedia-role none 182 | mgcp behavior comedia-check-media-src disable 183 | mgcp behavior comedia-sdp-force disable 184 | mgcp profile default 185 | ! 186 | line con 0 187 | session-timeout 20 188 | exec-timeout 20 0 189 | logging synchronous 190 | login local 191 | transport preferred none 192 | transport output ssh 193 | stopbits 1 194 | line aux 0 195 | stopbits 1 196 | line vty 0 4 197 | session-timeout 20 198 | access-class SSH in 199 | exec-timeout 20 0 200 | logging synchronous 201 | login local 202 | transport preferred ssh 203 | transport input ssh 204 | transport output ssh 205 | line vty 5 15 206 | session-timeout 20 207 | access-class SSH in 208 | exec-timeout 20 0 209 | logging synchronous 210 | login local 211 | transport preferred ssh 212 | transport input ssh 213 | transport output ssh 214 | ! 215 | call-home 216 | ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com 217 | ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications. 218 | contact-email-addr sch-smart-licensing@cisco.com 219 | source-interface TenGigabitEthernet0/0/5 220 | profile "CiscoTAC-1" 221 | active 222 | anonymous-reporting-only 223 | destination transport-method http 224 | ! 225 | ntp server ip time.cloudflare.com source TenGigabitEthernet0/0/5 226 | ! 
227 | end 228 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Network Automation Using GitHub Actions and Unimus

## Project Overview
Network automation framework based on the following **[GitOps Principles](https://opengitops.dev/)**:
- **GitHub** is assumed to be the [Single Source of Truth](https://en.wikipedia.org/wiki/Single_source_of_truth) - all data related to the definition of the solution is documented here
- All device configurations are defined as `code` and stored in a [distributed version control system](https://en.wikipedia.org/wiki/Distributed_version_control) repository
- Configuration files are in **raw format** and use a [declarative](https://en.wikipedia.org/wiki/Declarative_programming) language syntax to describe the **desired** system state
- All configuration changes are initiated via **Git** and are implemented programmatically via **GitHub Actions**
- Manual changes by directly modifying device configurations are **not permitted**
- Configurations are [immutable](https://en.wikipedia.org/wiki/Immutable_object) - incremental changes are **not permitted**
- Devices' configuration is either fully replaced (`config replace`) via **TFTP** or a device is wiped clean when powered off, and new config is loaded via **DHCP** upon reboot
- Rollbacks are simplified with a single command (`git revert HEAD`)
- Devices' **actual** state is continuously monitored and compared to the **desired** state
- **Alerts** are generated if any configuration changes resulting in **deviation** from the desired state are detected
- GitHub documents the entire history of past changes (who did what, when, and why) and all team collaboration (pull requests, issue tracking, comments)

## Solution Components
- GitHub repository - the source of truth for device configurations
- [GitHub Actions self-hosted runner](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) - software agent that runs GitHub Actions workflow jobs
- [Ubuntu 20.04 Docker container](https://hub.docker.com/_/ubuntu) - hosts the GitHub Actions runner and the TFTP server
- [Opengear OOB access server](https://opengear.com/products/om2200-operations-manager/) - bare metal server running the Docker Engine
- [Unimus](https://unimus.net/) - network automation tool for mass config push, device backup, config audit, and drift detection
- [Slack](https://slack.com) - Unimus config change notifications, GitHub repo activities notifications, and GitHub issues actions
- [Pabbly](https://connect.pabbly.com/) - workflow automation tool generating GitHub issues from the config change notifications sent from Unimus to Slack

## Reference Architecture
![](/diagram-network-automation-github-actions.png)

## Usage
**Workflow steps**
- Network operator proposes a change to modify a device(s)' configuration state
  - *Standard* change - a low-risk change that's pre-approved and follows documented, repeatable tasks
    - clone this repo
    - modify the device configuration file(s)
    - commit and push directly to the main branch
  - *Normal* change - a moderate or high-risk change that requires code review and approval prior to deployment
    - clone this repo, create a new branch and publish it
    - modify the device configuration file(s)
    - commit changes to the new branch and push to origin
    - create a pull request to submit proposed change(s)
    - pull request peer review
    - pre-deployment testing (functional/integration/performance) for complex and high-risk changes
    - pull request approval and merge based on validation test results
- GitHub Actions workflow is triggered
- Self-hosted runner starts running the job(s)
- Unimus starts the mass config push to the selected devices
- Static testing (syntax check/config validation) by the device NOS
- Devices' configuration is replaced and saved
- Operator gets a Slack notification describing the config change(s)
- Unimus continuously backs up and audits devices' operational state and generates alerts if config drift is detected
- If a device's configuration is changed manually, the network operator gets a Slack message describing the change, which in turn automatically creates a new GitHub issue
- Operator can take action on the issue directly from Slack (assign, label, close, reopen)
- Assigning a label starts the corresponding GitHub Actions workflow, which restores the device's modified current-state config to match its desired-state config as described in the GitHub repo

## Build
**Download and run Ubuntu on Opengear**
```
sudo -i
docker pull ubuntu
docker run -it ubuntu
```

**Install required packages**
```
apt update && apt upgrade -y

apt install apt-utils curl git iputils-ping tftpd-hpa vim wget -y
apt install software-properties-common -y
```

**Install [GitHub CLI](https://github.com/cli/cli/blob/trunk/docs/install_linux.md), log in to GitHub and store GH credentials in git**
- *Create a Personal Access Token: github.com > profile pic > Settings > Developer settings > Personal access tokens > Generate new token: repo, read:org*
```
type -p curl >/dev/null || (apt update && apt install curl -y)
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
&& chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
&& echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
&& apt update \
&& apt install gh -y

# answer the prompts: GitHub.com > HTTPS > n > Paste an authentication token
gh auth login

# note: the "store" helper saves the token unencrypted in ~/.git-credentials
git config --global credential.helper store
```

**Create a new user and directories**
```
useradd -ms /bin/bash siteadmin && su siteadmin
mkdir /home/siteadmin/actions-runner && mkdir /home/siteadmin/actions-runner/network-automation-github-actions
```

**Configure and start the TFTP service as root**
```
cat /etc/default/tftpd-hpa
vi /etc/default/tftpd-hpa

# file contents after editing:
TFTP_USERNAME="siteadmin"
TFTP_DIRECTORY="/home/siteadmin/actions-runner/network-automation-github-actions"
TFTP_ADDRESS=":69"
TFTP_OPTIONS="--secure"

# start the TFTP service
/etc/init.d/tftpd-hpa start

# and verify that it's running
service --status-all
```

**Clone this repo**
```
su siteadmin
cd /home/siteadmin/actions-runner/
git clone https://github.com/gdmoney/network-automation-github-actions.git
```

**Modify file permissions**
```
chmod 755 _access.sh _core.sh _router_1.sh _router_2.sh
```

**Download, extract, configure, and run the GitHub Actions self-hosted runner**
- *Get the version number and the token from: github.com > repo > Settings > Actions > Runners > New runner > New self-hosted runner*
```
curl -o actions-runner-linux-x64-2.305.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.305.0/actions-runner-linux-x64-2.305.0.tar.gz

tar xzf ./actions-runner-linux-x64-2.305.0.tar.gz

./config.sh --url https://github.com/gdmoney/network-automation-github-actions --token

./run.sh

# expected output:
Connected to GitHub
Listening for Jobs
```

## Troubleshooting
**After Opengear restart**
- *Manually start the Datadog container and verify it still has the .6 IP address*
- *Attach to the Ubuntu container, start the TFTP service as `root` and the GitHub Actions runner as `siteadmin`*
```
/etc/init.d/tftpd-hpa start
service --status-all

su siteadmin
cd /home/siteadmin/actions-runner/
./run.sh
```
**Reconfigure self-hosted runner after deleting it on GitHub**
```
rm .runner
./config.sh --url https://github.com/gdmoney/network-automation-github-actions --token
./run.sh
```
--------------------------------------------------------------------------------
/config_file_access_switch:
--------------------------------------------------------------------------------
1 | version 17.9 2 | service timestamps debug datetime msec localtime 3 | service timestamps log datetime msec localtime 4 | service call-home 5 | service unsupported-transceiver 6 | no platform punt-keepalive disable-kernel-core 7 | ! 8 | hostname SWITCH_ACCESS 9 | ! 10 | vrf definition Mgmt-vrf 11 | ! 12 | address-family ipv4 13 | exit-address-family 14 | ! 15 | address-family ipv6 16 | exit-address-family 17 | ! 18 | no aaa new-model 19 | clock timezone PST -8 0 20 | clock summer-time PDT recurring 21 | boot system switch all flash:cat9k_iosxe.17.09.04a.SPA.bin 22 | switch 1 provision c9300-48uxm 23 | ! 24 | ip name-server 8.8.8.8 8.8.4.4 25 | ip domain name event.tech 26 | ! 27 | login block-for 60 attempts 3 within 10 28 | login delay 3 29 | login on-success log 30 | vtp version 1 31 | ! 32 | crypto pki trustpoint SLA-TrustPoint 33 | enrollment terminal 34 | revocation-check crl 35 | ! 36 | crypto pki certificate chain SLA-TrustPoint 37 | ! 38 | crypto pki certificate pool 39 | !
40 | license boot level network-advantage addon dna-advantage 41 | license smart url https://smartreceiver.cisco.com/licservice/license 42 | license smart url smart https://smartreceiver.cisco.com/licservice/license 43 | license smart transport smart 44 | license smart privacy hostname 45 | license smart privacy version 46 | ! 47 | archive 48 | path flash:config 49 | write-memory 50 | memory free low-watermark processor 134344 51 | hw-module switch 1 upoe-plus 52 | ! 53 | diagnostic bootup level minimal 54 | ! 55 | spanning-tree mode rapid-pvst 56 | spanning-tree extend system-id 57 | ! 58 | no errdisable detect cause all 59 | ! 60 | username siteadmin privilege 15 secret 9 $14$AofX$6sMZVA0kaJbn5E$jfkHIpPHnQbsbSajBPz/A5ExCD3Ox.jKDuL3NxvSM4g 61 | ! 62 | redundancy 63 | mode sso 64 | crypto engine compliance shield disable 65 | ! 66 | transceiver type all 67 | monitoring 68 | ! 69 | lldp run 70 | ! 71 | class-map match-any system-cpp-police-ewlc-control 72 | description EWLC Control 73 | class-map match-any system-cpp-police-topology-control 74 | description Topology control 75 | class-map match-any system-cpp-police-sw-forward 76 | description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic 77 | class-map match-any system-cpp-default 78 | description EWLC Data, Inter FED Traffic 79 | class-map match-any system-cpp-police-sys-data 80 | description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed 81 | class-map match-any system-cpp-police-punt-webauth 82 | description Punt Webauth 83 | class-map match-any system-cpp-police-l2lvx-control 84 | description L2 LVX control packets 85 | class-map match-any system-cpp-police-forus 86 | description Forus Address resolution and Forus traffic 87 | class-map match-any system-cpp-police-multicast-end-station 88 | description MCAST END STATION 89 | class-map match-any system-cpp-police-high-rate-app 90 | description High Rate Applications 91 | class-map match-any system-cpp-police-multicast 92 | 
description MCAST Data 93 | class-map match-any system-cpp-police-l2-control 94 | description L2 control 95 | class-map match-any system-cpp-police-dot1x-auth 96 | description DOT1X Auth 97 | class-map match-any system-cpp-police-data 98 | description ICMP redirect, ICMP_GEN and BROADCAST 99 | class-map match-any system-cpp-police-stackwise-virt-control 100 | description Stackwise Virtual OOB 101 | class-map match-any non-client-nrt-class 102 | class-map match-any system-cpp-police-routing-control 103 | description Routing control and Low Latency 104 | class-map match-any system-cpp-police-protocol-snooping 105 | description Protocol snooping 106 | class-map match-any system-cpp-police-dhcp-snooping 107 | description DHCP snooping 108 | class-map match-any system-cpp-police-ios-routing 109 | description L2 control, Topology control, Routing control, Low Latency 110 | class-map match-any system-cpp-police-system-critical 111 | description System Critical and Gold Pkt 112 | class-map match-any system-cpp-police-ios-feature 113 | description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed 114 | ! 115 | policy-map system-cpp-policy 116 | ! 117 | interface Port-channel1 118 | description SWITCH_CORE.1 119 | switchport mode trunk 120 | ! 121 | interface GigabitEthernet0/0 122 | vrf forwarding Mgmt-vrf 123 | no ip address 124 | shutdown 125 | negotiation auto 126 | ! 127 | interface TwoGigabitEthernet1/0/1 128 | switchport access vlan 10 129 | switchport mode access 130 | power inline port 2-event 131 | spanning-tree portfast 132 | ! 133 | interface TwoGigabitEthernet1/0/2 134 | switchport access vlan 10 135 | switchport mode access 136 | power inline port 2-event 137 | spanning-tree portfast 138 | ! 
139 | interface TwoGigabitEthernet1/0/3 140 | switchport access vlan 10 141 | switchport mode access 142 | power inline port 2-event 143 | spanning-tree portfast 144 | ! 145 | interface TwoGigabitEthernet1/0/4 146 | switchport access vlan 10 147 | switchport mode access 148 | power inline port 2-event 149 | spanning-tree portfast 150 | ! 151 | interface TwoGigabitEthernet1/0/5 152 | switchport access vlan 10 153 | switchport mode access 154 | power inline port 2-event 155 | spanning-tree portfast 156 | ! 157 | interface TwoGigabitEthernet1/0/6 158 | switchport access vlan 10 159 | switchport mode access 160 | power inline port 2-event 161 | spanning-tree portfast 162 | ! 163 | interface TwoGigabitEthernet1/0/7 164 | switchport access vlan 10 165 | switchport mode access 166 | power inline port 2-event 167 | spanning-tree portfast 168 | ! 169 | interface TwoGigabitEthernet1/0/8 170 | switchport access vlan 10 171 | switchport mode access 172 | power inline port 2-event 173 | spanning-tree portfast 174 | ! 175 | interface TwoGigabitEthernet1/0/9 176 | switchport access vlan 10 177 | switchport mode access 178 | power inline port 2-event 179 | spanning-tree portfast 180 | ! 181 | interface TwoGigabitEthernet1/0/10 182 | switchport access vlan 10 183 | switchport mode access 184 | power inline port 2-event 185 | spanning-tree portfast 186 | ! 187 | interface TwoGigabitEthernet1/0/11 188 | switchport access vlan 10 189 | switchport mode access 190 | power inline port 2-event 191 | spanning-tree portfast 192 | ! 193 | interface TwoGigabitEthernet1/0/12 194 | switchport access vlan 10 195 | switchport mode access 196 | power inline port 2-event 197 | spanning-tree portfast 198 | ! 199 | interface TwoGigabitEthernet1/0/13 200 | switchport access vlan 10 201 | switchport mode access 202 | power inline port 2-event 203 | spanning-tree portfast 204 | ! 
205 | interface TwoGigabitEthernet1/0/14 206 | switchport access vlan 10 207 | switchport mode access 208 | power inline port 2-event 209 | spanning-tree portfast 210 | ! 211 | interface TwoGigabitEthernet1/0/15 212 | switchport access vlan 10 213 | switchport mode access 214 | power inline port 2-event 215 | spanning-tree portfast 216 | ! 217 | interface TwoGigabitEthernet1/0/16 218 | switchport access vlan 10 219 | switchport mode access 220 | power inline port 2-event 221 | spanning-tree portfast 222 | ! 223 | interface TwoGigabitEthernet1/0/17 224 | switchport access vlan 10 225 | switchport mode access 226 | power inline port 2-event 227 | spanning-tree portfast 228 | ! 229 | interface TwoGigabitEthernet1/0/18 230 | switchport access vlan 10 231 | switchport mode access 232 | power inline port 2-event 233 | spanning-tree portfast 234 | ! 235 | interface TwoGigabitEthernet1/0/19 236 | switchport access vlan 10 237 | switchport mode access 238 | power inline port 2-event 239 | spanning-tree portfast 240 | ! 241 | interface TwoGigabitEthernet1/0/20 242 | switchport access vlan 10 243 | switchport mode access 244 | power inline port 2-event 245 | spanning-tree portfast 246 | ! 247 | interface TwoGigabitEthernet1/0/21 248 | switchport access vlan 10 249 | switchport mode access 250 | power inline port 2-event 251 | spanning-tree portfast 252 | ! 253 | interface TwoGigabitEthernet1/0/22 254 | switchport access vlan 10 255 | switchport mode access 256 | power inline port 2-event 257 | spanning-tree portfast 258 | ! 259 | interface TwoGigabitEthernet1/0/23 260 | switchport access vlan 10 261 | switchport mode access 262 | power inline port 2-event 263 | spanning-tree portfast 264 | ! 265 | interface TwoGigabitEthernet1/0/24 266 | switchport access vlan 10 267 | switchport mode access 268 | power inline port 2-event 269 | spanning-tree portfast 270 | ! 
271 | interface TwoGigabitEthernet1/0/25 272 | switchport access vlan 20 273 | switchport mode access 274 | power inline port 2-event 275 | spanning-tree portfast 276 | ! 277 | interface TwoGigabitEthernet1/0/26 278 | switchport access vlan 20 279 | switchport mode access 280 | power inline port 2-event 281 | spanning-tree portfast 282 | ! 283 | interface TwoGigabitEthernet1/0/27 284 | switchport access vlan 20 285 | switchport mode access 286 | power inline port 2-event 287 | spanning-tree portfast 288 | ! 289 | interface TwoGigabitEthernet1/0/28 290 | switchport access vlan 20 291 | switchport mode access 292 | power inline port 2-event 293 | spanning-tree portfast 294 | ! 295 | interface TwoGigabitEthernet1/0/29 296 | switchport access vlan 20 297 | switchport mode access 298 | power inline port 2-event 299 | spanning-tree portfast 300 | ! 301 | interface TwoGigabitEthernet1/0/30 302 | switchport access vlan 20 303 | switchport mode access 304 | power inline port 2-event 305 | spanning-tree portfast 306 | ! 307 | interface TwoGigabitEthernet1/0/31 308 | switchport access vlan 20 309 | switchport mode access 310 | power inline port 2-event 311 | spanning-tree portfast 312 | ! 313 | interface TwoGigabitEthernet1/0/32 314 | switchport access vlan 20 315 | switchport mode access 316 | power inline port 2-event 317 | spanning-tree portfast 318 | ! 319 | interface TwoGigabitEthernet1/0/33 320 | switchport access vlan 20 321 | switchport mode access 322 | power inline port 2-event 323 | spanning-tree portfast 324 | ! 325 | interface TwoGigabitEthernet1/0/34 326 | switchport access vlan 20 327 | switchport mode access 328 | power inline port 2-event 329 | spanning-tree portfast 330 | ! 331 | interface TwoGigabitEthernet1/0/35 332 | switchport access vlan 20 333 | switchport mode access 334 | power inline port 2-event 335 | spanning-tree portfast 336 | ! 
337 | interface TwoGigabitEthernet1/0/36 338 | switchport access vlan 20 339 | switchport mode access 340 | power inline port 2-event 341 | spanning-tree portfast 342 | ! 343 | interface TenGigabitEthernet1/0/37 344 | switchport mode trunk 345 | power inline port 2-event 346 | spanning-tree portfast 347 | ! 348 | interface TenGigabitEthernet1/0/38 349 | switchport mode trunk 350 | power inline port 2-event 351 | spanning-tree portfast 352 | ! 353 | interface TenGigabitEthernet1/0/39 354 | switchport mode trunk 355 | power inline port 2-event 356 | spanning-tree portfast 357 | ! 358 | interface TenGigabitEthernet1/0/40 359 | switchport mode trunk 360 | power inline port 2-event 361 | spanning-tree portfast 362 | ! 363 | interface TenGigabitEthernet1/0/41 364 | switchport mode trunk 365 | power inline port 2-event 366 | spanning-tree portfast 367 | ! 368 | interface TenGigabitEthernet1/0/42 369 | switchport mode trunk 370 | power inline port 2-event 371 | spanning-tree portfast 372 | ! 373 | interface TenGigabitEthernet1/0/43 374 | switchport mode trunk 375 | power inline port 2-event 376 | spanning-tree portfast 377 | ! 378 | interface TenGigabitEthernet1/0/44 379 | switchport mode trunk 380 | power inline port 2-event 381 | spanning-tree portfast 382 | ! 383 | interface TenGigabitEthernet1/0/45 384 | switchport mode trunk 385 | power inline port 2-event 386 | spanning-tree portfast 387 | ! 388 | interface TenGigabitEthernet1/0/46 389 | switchport mode trunk 390 | power inline port 2-event 391 | spanning-tree portfast 392 | ! 393 | interface TenGigabitEthernet1/0/47 394 | switchport mode trunk 395 | power inline port 2-event 396 | spanning-tree portfast 397 | ! 398 | interface TenGigabitEthernet1/0/48 399 | switchport mode trunk 400 | power inline port 2-event 401 | spanning-tree portfast 402 | ! 403 | interface GigabitEthernet1/1/1 404 | ! 405 | interface GigabitEthernet1/1/2 406 | ! 407 | interface GigabitEthernet1/1/3 408 | ! 
409 | interface GigabitEthernet1/1/4 410 | ! 411 | interface TenGigabitEthernet1/1/1 412 | description SWITCH_CORE 413 | switchport mode trunk 414 | channel-group 1 mode on 415 | ! 416 | interface TenGigabitEthernet1/1/2 417 | description SWITCH_CORE 418 | switchport mode trunk 419 | channel-group 1 mode on 420 | ! 421 | interface TenGigabitEthernet1/1/3 422 | ! 423 | interface TenGigabitEthernet1/1/4 424 | ! 425 | interface TenGigabitEthernet1/1/5 426 | ! 427 | interface TenGigabitEthernet1/1/6 428 | ! 429 | interface TenGigabitEthernet1/1/7 430 | ! 431 | interface TenGigabitEthernet1/1/8 432 | ! 433 | interface FortyGigabitEthernet1/1/1 434 | ! 435 | interface FortyGigabitEthernet1/1/2 436 | ! 437 | interface TwentyFiveGigE1/1/1 438 | ! 439 | interface TwentyFiveGigE1/1/2 440 | ! 441 | interface AppGigabitEthernet1/0/1 442 | switchport mode trunk 443 | ! 444 | interface Vlan1 445 | ip address dhcp client-id Vlan1 446 | ! 447 | iox 448 | ip forward-protocol nd 449 | no ip http server 450 | no ip http secure-server 451 | ip http client source-interface Vlan1 452 | ip tftp source-interface Vlan1 453 | ip route 0.0.0.0 0.0.0.0 192.168.255.1 454 | ip ssh time-out 30 455 | ip ssh authentication-retries 2 456 | ip ssh version 2 457 | ! 458 | ip access-list standard SSH 459 | 10 permit 192.168.255.0 0.0.0.255 460 | ! 461 | snmp-server community H0ck3y RO 462 | ! 463 | control-plane 464 | service-policy input system-cpp-policy 465 | ! 
466 | line con 0 467 | session-timeout 10 468 | logging synchronous 469 | login local 470 | transport preferred none 471 | transport output ssh 472 | stopbits 1 473 | line vty 0 4 474 | session-timeout 10 475 | access-class SSH in 476 | logging synchronous 477 | login local 478 | transport preferred ssh 479 | transport input ssh 480 | transport output ssh 481 | line vty 5 15 482 | session-timeout 10 483 | access-class SSH in 484 | logging synchronous 485 | login local 486 | transport preferred ssh 487 | transport input ssh 488 | transport output ssh 489 | line vty 16 31 490 | no login 491 | transport input none 492 | ! 493 | call-home 494 | ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com 495 | ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications. 496 | contact-email-addr sch-smart-licensing@cisco.com 497 | source-interface Vlan1 498 | profile "CiscoTAC-1" 499 | active 500 | anonymous-reporting-only 501 | destination transport-method http 502 | ! 503 | ntp server ip time.cloudflare.com source Vlan1 504 | ! 505 | app-hosting appid netbeez 506 | app-vnic AppGigabitEthernet trunk 507 | vlan 10 guest-interface 0 508 | app-resource docker 509 | app-resource profile custom 510 | cpu 7400 511 | memory 1000 512 | persist-disk 4000 513 | end 514 | -------------------------------------------------------------------------------- /config_file_core_switch: -------------------------------------------------------------------------------- 1 | version 17.9 2 | service timestamps debug datetime msec localtime 3 | service timestamps log datetime msec localtime 4 | service call-home 5 | service unsupported-transceiver 6 | no platform punt-keepalive disable-kernel-core 7 | ! 8 | hostname SWITCH_CORE 9 | ! 10 | vrf definition Mgmt-vrf 11 | ! 12 | address-family ipv4 13 | exit-address-family 14 | ! 15 | address-family ipv6 16 | exit-address-family 17 | ! 
18 | no aaa new-model 19 | clock timezone PST -8 0 20 | clock summer-time PDT recurring 21 | boot system switch all flash:cat9k_iosxe.17.09.04a.SPA.bin 22 | switch 1 provision c9300-24ux 23 | switch 2 provision c9300-24ux 24 | ! 25 | ip routing 26 | ! 27 | ip name-server 8.8.8.8 8.8.4.4 28 | ip domain name event.tech 29 | ip dhcp excluded-address 10.10.240.1 10.10.240.20 30 | ip dhcp excluded-address 10.20.240.1 10.20.240.20 31 | ip dhcp excluded-address 192.168.255.1 192.168.255.20 32 | ! 33 | ip dhcp pool Net_Mgmt 34 | network 192.168.255.0 255.255.255.0 35 | default-router 192.168.255.1 36 | dns-server 8.8.8.8 8.8.4.4 37 | domain-name event.tech 38 | lease 8 39 | ! 40 | ip dhcp pool Users 41 | network 10.10.240.0 255.255.240.0 42 | default-router 10.10.240.1 43 | dns-server 8.8.8.8 8.8.4.4 44 | domain-name event.tech 45 | lease 0 4 46 | ! 47 | ip dhcp pool Video 48 | network 10.20.240.0 255.255.240.0 49 | default-router 10.20.240.1 50 | dns-server 8.8.8.8 8.8.4.4 51 | domain-name event.tech 52 | lease 0 4 53 | ! 54 | ip dhcp pool SWITCH_ACCESS_1 55 | host 192.168.255.11 255.255.255.0 56 | client-identifier 01d0.ec35.52f2.c7 57 | ! 58 | ip dhcp pool SWITCH_ACCESS_2 59 | host 192.168.255.12 255.255.255.0 60 | client-identifier 012c.73a0.84c3.c7 61 | ! 62 | ip dhcp pool SWITCH_ACCESS_3 63 | host 192.168.255.13 255.255.255.0 64 | client-identifier 012c.01b5.6920.47 65 | ! 66 | ip dhcp pool SWITCH_ACCESS_4 67 | host 192.168.255.14 255.255.255.0 68 | client-identifier 01d0.ec35.5361.c7 69 | ! 70 | ip dhcp pool SWITCH_ACCESS_5 71 | host 192.168.255.15 255.255.255.0 72 | client-identifier 01d0.ec35.4f6c.47 73 | ! 74 | ip dhcp pool SWITCH_ACCESS_6 75 | host 192.168.255.16 255.255.255.0 76 | client-identifier 012c.73a0.9c6c.c7 77 | ! 78 | login block-for 60 attempts 3 within 10 79 | login delay 3 80 | login on-success log 81 | ! 82 | no device-tracking logging theft 83 | ! 84 | crypto pki trustpoint SLA-TrustPoint 85 | enrollment terminal 86 | revocation-check crl 87 | ! 
88 | crypto pki certificate chain SLA-TrustPoint 89 | ! 90 | crypto pki certificate pool 91 | cabundle nvram:ios_core.p7b 92 | ! 93 | license boot level network-advantage addon dna-advantage 94 | license smart url https://smartreceiver.cisco.com/licservice/license 95 | license smart url smart https://smartreceiver.cisco.com/licservice/license 96 | license smart transport smart 97 | license smart privacy hostname 98 | license smart privacy version 99 | ! 100 | archive 101 | path flash:config 102 | write-memory 103 | memory free low-watermark processor 134344 104 | hw-module switch 1 upoe-plus 105 | hw-module switch 2 upoe-plus 106 | ! 107 | diagnostic bootup level minimal 108 | ! 109 | spanning-tree mode rapid-pvst 110 | spanning-tree extend system-id 111 | spanning-tree vlan 1,10,20 priority 24576 112 | ! 113 | no errdisable detect cause all 114 | ! 115 | username siteadmin privilege 15 secret 9 $9$8BxcXuyWur86w.$cNQlzKnWV8hxAc0yAITmD.5Zf4ruzOSMpDbKok/2ZbM 116 | ! 117 | redundancy 118 | mode sso 119 | crypto engine compliance shield disable 120 | ! 121 | transceiver type all 122 | monitoring 123 | ! 
124 | class-map match-any system-cpp-police-ewlc-control 125 | description EWLC Control 126 | class-map match-any system-cpp-police-topology-control 127 | description Topology control 128 | class-map match-any system-cpp-police-sw-forward 129 | description Sw forwarding, L2 LVX data packets, LOGGING, Transit Traffic 130 | class-map match-any system-cpp-default 131 | description EWLC Data, Inter FED Traffic 132 | class-map match-any system-cpp-police-sys-data 133 | description Openflow, Exception, EGR Exception, NFL Sampled Data, RPF Failed 134 | class-map match-any system-cpp-police-punt-webauth 135 | description Punt Webauth 136 | class-map match-any system-cpp-police-l2lvx-control 137 | description L2 LVX control packets 138 | class-map match-any system-cpp-police-forus 139 | description Forus Address resolution and Forus traffic 140 | class-map match-any system-cpp-police-multicast-end-station 141 | description MCAST END STATION 142 | class-map match-any system-cpp-police-high-rate-app 143 | description High Rate Applications 144 | class-map match-any system-cpp-police-multicast 145 | description MCAST Data 146 | class-map match-any system-cpp-police-l2-control 147 | description L2 control 148 | class-map match-any system-cpp-police-dot1x-auth 149 | description DOT1X Auth 150 | class-map match-any system-cpp-police-data 151 | description ICMP redirect, ICMP_GEN and BROADCAST 152 | class-map match-any system-cpp-police-stackwise-virt-control 153 | description Stackwise Virtual OOB 154 | class-map match-any non-client-nrt-class 155 | class-map match-any system-cpp-police-routing-control 156 | description Routing control and Low Latency 157 | class-map match-any system-cpp-police-protocol-snooping 158 | description Protocol snooping 159 | class-map match-any system-cpp-police-dhcp-snooping 160 | description DHCP snooping 161 | class-map match-any system-cpp-police-ios-routing 162 | description L2 control, Topology control, Routing control, Low Latency 163 | 
class-map match-any system-cpp-police-system-critical 164 | description System Critical and Gold Pkt 165 | class-map match-any system-cpp-police-ios-feature 166 | description ICMPGEN,BROADCAST,ICMP,L2LVXCntrl,ProtoSnoop,PuntWebauth,MCASTData,Transit,DOT1XAuth,Swfwd,LOGGING,L2LVXData,ForusTraffic,ForusARP,McastEndStn,Openflow,Exception,EGRExcption,NflSampled,RpfFailed 167 | ! 168 | policy-map system-cpp-policy 169 | ! 170 | interface Loopback1 171 | description 1.1 172 | ip address 169.254.1.10 255.255.255.255 173 | ! 174 | interface Port-channel11 175 | description SWITCH_ACCESS_1 176 | switchport mode trunk 177 | ! 178 | interface Port-channel12 179 | description SWITCH_ACCESS_2 180 | switchport mode trunk 181 | ! 182 | interface Port-channel13 183 | description SWITCH_ACCESS_3 184 | switchport mode trunk 185 | ! 186 | interface Port-channel14 187 | description SWITCH_ACCESS_4 188 | switchport mode trunk 189 | ! 190 | interface Port-channel15 191 | description SWITCH_ACCESS_5 192 | switchport mode trunk 193 | ! 194 | interface Port-channel16 195 | description SWITCH_ACCESS_6 196 | switchport mode trunk 197 | ! 198 | interface GigabitEthernet0/0 199 | vrf forwarding Mgmt-vrf 200 | no ip address 201 | shutdown 202 | negotiation auto 203 | ! 204 | interface TenGigabitEthernet1/0/1 205 | description User 206 | switchport access vlan 10 207 | switchport mode access 208 | shutdown 209 | spanning-tree portfast 210 | ! 211 | interface TenGigabitEthernet1/0/2 212 | description User 213 | switchport access vlan 10 214 | switchport mode access 215 | shutdown 216 | spanning-tree portfast 217 | ! 218 | interface TenGigabitEthernet1/0/3 219 | description User 220 | switchport access vlan 10 221 | switchport mode access 222 | shutdown 223 | spanning-tree portfast 224 | ! 225 | interface TenGigabitEthernet1/0/4 226 | description User 227 | switchport access vlan 10 228 | switchport mode access 229 | shutdown 230 | spanning-tree portfast 231 | ! 
232 | interface TenGigabitEthernet1/0/5 233 | description User 234 | switchport access vlan 10 235 | switchport mode access 236 | shutdown 237 | spanning-tree portfast 238 | ! 239 | interface TenGigabitEthernet1/0/6 240 | description User 241 | switchport access vlan 10 242 | switchport mode access 243 | shutdown 244 | spanning-tree portfast 245 | ! 246 | interface TenGigabitEthernet1/0/7 247 | description User 248 | switchport access vlan 10 249 | switchport mode access 250 | shutdown 251 | spanning-tree portfast 252 | ! 253 | interface TenGigabitEthernet1/0/8 254 | description User 255 | switchport access vlan 10 256 | switchport mode access 257 | shutdown 258 | spanning-tree portfast 259 | ! 260 | interface TenGigabitEthernet1/0/9 261 | description User 262 | switchport access vlan 10 263 | switchport mode access 264 | shutdown 265 | spanning-tree portfast 266 | ! 267 | interface TenGigabitEthernet1/0/10 268 | description User 269 | switchport access vlan 10 270 | switchport mode access 271 | shutdown 272 | spanning-tree portfast 273 | ! 274 | interface TenGigabitEthernet1/0/11 275 | description User 276 | switchport access vlan 10 277 | switchport mode access 278 | shutdown 279 | spanning-tree portfast 280 | ! 281 | interface TenGigabitEthernet1/0/12 282 | description User 283 | switchport access vlan 10 284 | switchport mode access 285 | shutdown 286 | spanning-tree portfast 287 | ! 288 | interface TenGigabitEthernet1/0/13 289 | description Video 290 | switchport access vlan 20 291 | switchport mode access 292 | shutdown 293 | spanning-tree portfast 294 | ! 295 | interface TenGigabitEthernet1/0/14 296 | description Video 297 | switchport access vlan 20 298 | switchport mode access 299 | shutdown 300 | spanning-tree portfast 301 | ! 302 | interface TenGigabitEthernet1/0/15 303 | description Video 304 | switchport access vlan 20 305 | switchport mode access 306 | shutdown 307 | spanning-tree portfast 308 | ! 
309 | interface TenGigabitEthernet1/0/16 310 | description Video 311 | switchport access vlan 20 312 | switchport mode access 313 | shutdown 314 | spanning-tree portfast 315 | ! 316 | interface TenGigabitEthernet1/0/17 317 | description Video 318 | switchport access vlan 20 319 | switchport mode access 320 | shutdown 321 | spanning-tree portfast 322 | ! 323 | interface TenGigabitEthernet1/0/18 324 | description Video 325 | switchport access vlan 20 326 | switchport mode access 327 | shutdown 328 | spanning-tree portfast 329 | ! 330 | interface TenGigabitEthernet1/0/19 331 | description Video 332 | switchport access vlan 20 333 | switchport mode access 334 | shutdown 335 | spanning-tree portfast 336 | ! 337 | interface TenGigabitEthernet1/0/20 338 | description Video 339 | switchport access vlan 20 340 | switchport mode access 341 | shutdown 342 | spanning-tree portfast 343 | ! 344 | interface TenGigabitEthernet1/0/21 345 | description Net_Mgmt 346 | switchport mode access 347 | spanning-tree portfast 348 | ! 349 | interface TenGigabitEthernet1/0/22 350 | description Net_Mgmt 351 | switchport mode access 352 | spanning-tree portfast 353 | ! 354 | interface TenGigabitEthernet1/0/23 355 | description Net_Mgmt 356 | switchport mode access 357 | spanning-tree portfast 358 | ! 359 | interface TenGigabitEthernet1/0/24 360 | description Net_Mgmt 361 | switchport mode access 362 | spanning-tree portfast 363 | ! 364 | interface GigabitEthernet1/1/1 365 | ! 366 | interface GigabitEthernet1/1/2 367 | ! 368 | interface GigabitEthernet1/1/3 369 | ! 370 | interface GigabitEthernet1/1/4 371 | ! 372 | interface TenGigabitEthernet1/1/1 373 | description SWITCH_ACCESS_1 374 | switchport mode trunk 375 | channel-group 11 mode on 376 | ! 377 | interface TenGigabitEthernet1/1/2 378 | description SWITCH_ACCESS_2 379 | switchport mode trunk 380 | channel-group 12 mode on 381 | ! 
382 | interface TenGigabitEthernet1/1/3 383 | description SWITCH_ACCESS_3 384 | switchport mode trunk 385 | channel-group 13 mode on 386 | ! 387 | interface TenGigabitEthernet1/1/4 388 | description SWITCH_ACCESS_4 389 | switchport mode trunk 390 | channel-group 14 mode on 391 | ! 392 | interface TenGigabitEthernet1/1/5 393 | description SWITCH_ACCESS_5 394 | switchport mode trunk 395 | channel-group 15 mode on 396 | ! 397 | interface TenGigabitEthernet1/1/6 398 | description SWITCH_ACCESS_6 399 | switchport mode trunk 400 | channel-group 16 mode on 401 | ! 402 | interface TenGigabitEthernet1/1/7 403 | shutdown 404 | ! 405 | interface TenGigabitEthernet1/1/8 406 | description ROUTER_1 407 | no switchport 408 | ip address 192.168.254.2 255.255.255.252 409 | ip ospf network point-to-point 410 | ! 411 | interface FortyGigabitEthernet1/1/1 412 | shutdown 413 | ! 414 | interface FortyGigabitEthernet1/1/2 415 | shutdown 416 | ! 417 | interface TwentyFiveGigE1/1/1 418 | shutdown 419 | ! 420 | interface TwentyFiveGigE1/1/2 421 | shutdown 422 | ! 423 | interface AppGigabitEthernet1/0/1 424 | switchport mode trunk 425 | ! 426 | interface TenGigabitEthernet2/0/1 427 | description User 428 | switchport access vlan 10 429 | switchport mode access 430 | shutdown 431 | spanning-tree portfast 432 | ! 433 | interface TenGigabitEthernet2/0/2 434 | description User 435 | switchport access vlan 10 436 | switchport mode access 437 | shutdown 438 | spanning-tree portfast 439 | ! 440 | interface TenGigabitEthernet2/0/3 441 | description User 442 | switchport access vlan 10 443 | switchport mode access 444 | shutdown 445 | spanning-tree portfast 446 | ! 447 | interface TenGigabitEthernet2/0/4 448 | description User 449 | switchport access vlan 10 450 | switchport mode access 451 | shutdown 452 | spanning-tree portfast 453 | ! 
454 | interface TenGigabitEthernet2/0/5 455 | description User 456 | switchport access vlan 10 457 | switchport mode access 458 | shutdown 459 | spanning-tree portfast 460 | ! 461 | interface TenGigabitEthernet2/0/6 462 | description User 463 | switchport access vlan 10 464 | switchport mode access 465 | shutdown 466 | spanning-tree portfast 467 | ! 468 | interface TenGigabitEthernet2/0/7 469 | description User 470 | switchport access vlan 10 471 | switchport mode access 472 | shutdown 473 | spanning-tree portfast 474 | ! 475 | interface TenGigabitEthernet2/0/8 476 | description User 477 | switchport access vlan 10 478 | switchport mode access 479 | shutdown 480 | spanning-tree portfast 481 | ! 482 | interface TenGigabitEthernet2/0/9 483 | description User 484 | switchport access vlan 10 485 | switchport mode access 486 | shutdown 487 | spanning-tree portfast 488 | ! 489 | interface TenGigabitEthernet2/0/10 490 | description User 491 | switchport access vlan 10 492 | switchport mode access 493 | shutdown 494 | spanning-tree portfast 495 | ! 496 | interface TenGigabitEthernet2/0/11 497 | description User 498 | switchport access vlan 10 499 | switchport mode access 500 | shutdown 501 | spanning-tree portfast 502 | ! 503 | interface TenGigabitEthernet2/0/12 504 | description User 505 | switchport access vlan 10 506 | switchport mode access 507 | shutdown 508 | spanning-tree portfast 509 | ! 510 | interface TenGigabitEthernet2/0/13 511 | description Video 512 | switchport access vlan 20 513 | switchport mode access 514 | shutdown 515 | spanning-tree portfast 516 | ! 517 | interface TenGigabitEthernet2/0/14 518 | description Video 519 | switchport access vlan 20 520 | switchport mode access 521 | shutdown 522 | spanning-tree portfast 523 | ! 524 | interface TenGigabitEthernet2/0/15 525 | description Video 526 | switchport access vlan 20 527 | switchport mode access 528 | shutdown 529 | spanning-tree portfast 530 | ! 
531 | interface TenGigabitEthernet2/0/16 532 | description Video 533 | switchport access vlan 20 534 | switchport mode access 535 | shutdown 536 | spanning-tree portfast 537 | ! 538 | interface TenGigabitEthernet2/0/17 539 | description Video 540 | switchport access vlan 20 541 | switchport mode access 542 | shutdown 543 | spanning-tree portfast 544 | ! 545 | interface TenGigabitEthernet2/0/18 546 | description Video 547 | switchport access vlan 20 548 | switchport mode access 549 | shutdown 550 | spanning-tree portfast 551 | ! 552 | interface TenGigabitEthernet2/0/19 553 | description Video 554 | switchport access vlan 20 555 | switchport mode access 556 | shutdown 557 | spanning-tree portfast 558 | ! 559 | interface TenGigabitEthernet2/0/20 560 | description Video 561 | switchport access vlan 20 562 | switchport mode access 563 | shutdown 564 | spanning-tree portfast 565 | ! 566 | interface TenGigabitEthernet2/0/21 567 | description Net_Mgmt 568 | switchport mode access 569 | spanning-tree portfast 570 | ! 571 | interface TenGigabitEthernet2/0/22 572 | description Net_Mgmt 573 | switchport mode access 574 | spanning-tree portfast 575 | ! 576 | interface TenGigabitEthernet2/0/23 577 | description Net_Mgmt 578 | switchport mode access 579 | spanning-tree portfast 580 | ! 581 | interface TenGigabitEthernet2/0/24 582 | description Net_Mgmt 583 | switchport mode access 584 | spanning-tree portfast 585 | ! 586 | interface GigabitEthernet2/1/1 587 | ! 588 | interface GigabitEthernet2/1/2 589 | ! 590 | interface GigabitEthernet2/1/3 591 | ! 592 | interface GigabitEthernet2/1/4 593 | ! 594 | interface TenGigabitEthernet2/1/1 595 | description SWITCH_ACCESS_1 596 | switchport mode trunk 597 | channel-group 11 mode on 598 | ! 599 | interface TenGigabitEthernet2/1/2 600 | description SWITCH_ACCESS_2 601 | switchport mode trunk 602 | channel-group 12 mode on 603 | ! 
604 | interface TenGigabitEthernet2/1/3 605 | description SWITCH_ACCESS_3 606 | switchport mode trunk 607 | channel-group 13 mode on 608 | ! 609 | interface TenGigabitEthernet2/1/4 610 | description SWITCH_ACCESS_4 611 | switchport mode trunk 612 | channel-group 14 mode on 613 | ! 614 | interface TenGigabitEthernet2/1/5 615 | description SWITCH_ACCESS_5 616 | switchport mode trunk 617 | channel-group 15 mode on 618 | ! 619 | interface TenGigabitEthernet2/1/6 620 | description SWITCH_ACCESS_6 621 | switchport mode trunk 622 | channel-group 16 mode on 623 | ! 624 | interface TenGigabitEthernet2/1/7 625 | shutdown 626 | ! 627 | interface TenGigabitEthernet2/1/8 628 | description ROUTER_2 629 | no switchport 630 | ip address 192.168.254.6 255.255.255.252 631 | ip ospf network point-to-point 632 | ! 633 | interface FortyGigabitEthernet2/1/1 634 | shutdown 635 | ! 636 | interface FortyGigabitEthernet2/1/2 637 | shutdown 638 | ! 639 | interface TwentyFiveGigE2/1/1 640 | shutdown 641 | ! 642 | interface TwentyFiveGigE2/1/2 643 | shutdown 644 | ! 645 | interface AppGigabitEthernet2/0/1 646 | ! 647 | interface Vlan1 648 | description Net_Mgmt 649 | ip address 192.168.255.1 255.255.255.0 650 | ! 651 | interface Vlan10 652 | description Users 653 | ip address 10.10.240.1 255.255.240.0 654 | no ip unreachables 655 | no ip redirects 656 | ! 657 | interface Vlan20 658 | description Video 659 | ip address 10.20.240.1 255.255.240.0 660 | ip policy route-map Video 661 | no ip unreachables 662 | no ip redirects 663 | ! 664 | router ospf 1 665 | router-id 169.254.1.10 666 | redistribute static 667 | passive-interface default 668 | no passive-interface TenGigabitEthernet1/1/8 669 | no passive-interface TenGigabitEthernet2/1/8 670 | network 10.10.240.0 0.0.15.255 area 0 671 | network 10.20.240.0 0.0.15.255 area 0 672 | network 192.168.254.2 0.0.0.0 area 0 673 | network 192.168.254.6 0.0.0.0 area 0 674 | network 192.168.255.0 0.0.0.255 area 0 675 | ! 
iox
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http client source-interface Vlan1
ip tftp source-interface Vlan1
ip route 172.18.0.0 255.255.0.0 192.168.255.5 name Docker
ip ssh time-out 30
ip ssh authentication-retries 2
ip ssh source-interface Vlan1
ip ssh version 2
!
ip access-list standard SSH
 10 permit 192.168.255.0 0.0.0.255
!
ip access-list extended Video
 10 permit ip 10.20.240.0 0.0.15.255 any
!
route-map Video permit 10
 match ip address Video
 set ip next-hop 192.168.254.5
!
! Note: the SNMP community string below is stored in plaintext in this file and has no access list applied.
snmp-server community H0ck3y RO
!
control-plane
 service-policy input system-cpp-policy
!
line con 0
 session-timeout 10
 logging synchronous
 login local
 transport preferred none
 transport output ssh
 stopbits 1
line vty 0 4
 session-timeout 10
 access-class SSH in
 logging synchronous
 login local
 transport preferred ssh
 transport input ssh
 transport output ssh
line vty 5 15
 session-timeout 10
 access-class SSH in
 logging synchronous
 login local
 transport preferred ssh
 transport input ssh
 transport output ssh
line vty 16 31
 no login
 transport input none
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 source-interface Vlan1
 profile "CiscoTAC-1"
  active
  anonymous-reporting-only
  destination transport-method http
!
ntp server ip time.cloudflare.com source Vlan1
!
app-hosting appid netbeez
 app-vnic AppGigabitEthernet trunk
  vlan 10 guest-interface 0
 app-resource docker
 app-resource profile custom
  cpu 7400
  memory 1000
  persist-disk 4000
end

--------------------------------------------------------------------------------
/diagram-network-automation-github-actions.drawio:
--------------------------------------------------------------------------------