├── tests ├── .keep ├── setup.service ├── get_projects.py ├── create_all_labs.sh ├── ubuntu-controller.sh ├── setup-controller.sh ├── almalinux9-controller.sh └── LINUX-MANAGEMENT.md ├── playbooks ├── roles ├── tasks │ └── .keep ├── vars │ └── .keep ├── inventories ├── library ├── configs │ └── README.md ├── ccna.yml ├── custom │ └── install_docker.yml ├── demos │ ├── disable_dynamic_ipv4_routing.yml │ ├── check_facts.yml │ ├── standalone.yml │ ├── cisco_ios_get_facts.yml │ ├── gather_ios_facts_2.yml │ ├── galaxy.yml │ └── test.yml ├── ccnp │ ├── icmp_ping.yml │ └── 01_01_02_implement_inter_vlan_routing.yml ├── networking_workshop.yml ├── gateway.yml ├── bipod.yml ├── lab_startup.yml ├── templates │ └── iosv_default_config.j2 ├── ansible.cfg ├── router_on_a_stick.yml ├── tripod.yml ├── switchblock.yml ├── restore_config.yml └── files │ └── default_configs │ ├── AS1.cfg │ ├── AS2.cfg │ ├── DS1.cfg │ ├── DS2.cfg │ ├── SW0.cfg │ ├── SW1.cfg │ ├── R1.cfg │ ├── R2.cfg │ └── R3.cfg ├── roles ├── ios_role │ ├── tests │ │ ├── inventory │ │ └── test.yml │ ├── tasks │ │ └── main.yml │ ├── vars │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ ├── handlers │ │ └── main.yml │ ├── .travis.yml │ ├── README.md │ └── meta │ │ └── main.yml ├── ios_write │ ├── defaults │ │ └── main.yml │ ├── tasks │ │ ├── write_memory.yml │ │ ├── main.yml │ │ └── get_config.yml │ └── meta │ │ └── main.yml ├── ios_dhcp_server │ ├── README.md │ ├── tasks │ │ ├── main.yml │ │ └── enable_dhcp_server.yml │ └── meta │ │ └── main.yml ├── ios_recursive_dns_server │ ├── README.md │ ├── tasks │ │ ├── main.yml │ │ └── enable_recursive_dns_server.yml │ └── meta │ │ └── main.yml ├── ios_ipv4 │ ├── tasks │ │ ├── main.yml │ │ └── configure_ipv4_addresses.yml │ └── meta │ │ └── main.yml ├── ios_disable_dynamic_ipv4_routing │ ├── tasks │ │ ├── disable_rip.yml │ │ ├── disable_eigrp4.yml │ │ ├── disable_ospfv2.yml │ │ └── main.yml │ └── meta │ │ └── main.yml ├── ios_ipv6 │ ├── tasks │ │ ├── main.yml │ │ └── 
configure_ipv6_addresses.yml │ └── meta │ │ └── main.yml ├── ios_static_routing │ ├── tasks │ │ ├── main.yml │ │ └── add_ip_routes.yml │ └── meta │ │ └── main.yml ├── ios_interface │ ├── tasks │ │ ├── main.yml │ │ └── enable_interfaces.yml │ └── meta │ │ └── main.yml ├── ios_ipv6_routing │ ├── tasks │ │ ├── enable_ipv6_routing.yml │ │ └── main.yml │ └── meta │ │ └── main.yml ├── ios_nat44 │ ├── tasks │ │ ├── main.yml │ │ └── enable_nat.yml │ └── meta │ │ └── main.yml ├── ios_etherchannel │ ├── tasks │ │ ├── main.yml │ │ └── create_group_channels.yml │ └── meta │ │ └── main.yml ├── ios_fhrp │ ├── tasks │ │ ├── main.yml │ │ └── configure_fhrp.yml │ └── meta │ │ └── main.yml ├── ios_common │ ├── tasks │ │ ├── configure_system.yml │ │ ├── main.yml │ │ └── configure_banners.yml │ ├── meta │ │ └── main.yml │ └── defaults │ │ └── main.yml ├── ios_ipv4_routing │ ├── tasks │ │ ├── enable_ipv4_routing.yml │ │ └── main.yml │ └── meta │ │ └── main.yml ├── ios_no_ipv4_routing │ ├── tasks │ │ ├── disable_ipv4_routing.yml │ │ └── main.yml │ └── meta │ │ └── main.yml ├── ios_spanningtree │ ├── tasks │ │ ├── main.yml │ │ └── configure-spanning-tree.yml │ └── meta │ │ └── main.yml ├── ios_ospfv3 │ ├── tasks │ │ ├── main.yml │ │ └── enable_ospfv3.yml │ └── meta │ │ └── main.yml ├── ios_eigrp6 │ ├── tasks │ │ ├── main.yml │ │ └── enable_eigrp6.yml │ └── meta │ │ └── main.yml ├── ios_rip │ ├── tasks │ │ ├── static_to_rip.yml │ │ ├── main.yml │ │ └── enable_rip.yml │ └── meta │ │ └── main.yml ├── ios_vlans │ ├── tasks │ │ ├── create_vlans.yml │ │ ├── configure_trunk_ports.yml │ │ ├── configure_access_ports.yml │ │ ├── l3_configure_trunk_ports.yml │ │ ├── secure_switchports.yml │ │ └── main.yml │ └── meta │ │ └── main.yml ├── ios_eigrp4 │ ├── tasks │ │ ├── static_to_eigrp4.yml │ │ ├── main.yml │ │ └── enable_eigrp4.yml │ └── meta │ │ └── main.yml └── ios_ospfv2 │ ├── tasks │ ├── static_to_ospfv2.yml │ ├── main.yml │ └── enable_ospfv2.yml │ └── meta │ └── main.yml ├── requirements.txt ├── 
docs ├── .gitignore ├── assets │ └── images │ │ ├── ccna_lab.png │ │ ├── bipod_lab.png │ │ ├── tripod_lab.png │ │ ├── gateway_lab.png │ │ ├── switchblock_lab.png │ │ ├── ansible-ccna-lab.jpg │ │ ├── ccna_lab_control.png │ │ ├── tripod_lab_control.png │ │ ├── networking-workshop_lab.png │ │ └── router_on_a_stick_lab.png ├── .editorconfig ├── Gemfile ├── index.html ├── _posts │ ├── 0001-03-01-mise-en-place-du-lab-sur-gns3.md │ ├── 0001-01-01-objectifs.md │ └── 0001-03-03-configuration-de-la-station-de-controle.md └── _data │ └── navigation.yml ├── inventories ├── custom │ ├── osseclab │ │ ├── host_vars │ │ │ ├── gateway │ │ │ ├── pc1 │ │ │ ├── pc2 │ │ │ ├── controller │ │ │ ├── srv2 │ │ │ └── srv1 │ │ ├── templates │ │ │ ├── clients_config.j2 │ │ │ ├── default_config.j2 │ │ │ ├── servers_config.j2 │ │ │ ├── controller_config.j2 │ │ │ └── openwrt_config.j2 │ │ ├── hosts │ │ └── group_vars │ │ │ └── all │ ├── osseclab_minimal │ │ ├── host_vars │ │ │ ├── gateway │ │ │ ├── controller │ │ │ ├── srv1 │ │ │ └── srv2 │ │ ├── templates │ │ │ ├── default_config.j2 │ │ │ ├── servers_config.j2 │ │ │ ├── controller_config.j2 │ │ │ └── openwrt_config.j2 │ │ ├── hosts │ │ └── group_vars │ │ │ └── all │ ├── biglan │ │ ├── group_vars │ │ │ └── pcs.yml │ │ ├── host_vars │ │ │ └── controller.yml │ │ ├── templates │ │ │ ├── pcs_config.j2 │ │ │ ├── default_config.j2 │ │ │ └── controller_config.j2 │ │ └── hosts │ ├── smalllan │ │ ├── group_vars │ │ │ ├── pcs.yml │ │ │ └── all │ │ ├── host_vars │ │ │ └── controller.yml │ │ ├── templates │ │ │ ├── pcs_config.j2 │ │ │ ├── default_config.j2 │ │ │ └── controller_config.j2 │ │ └── hosts │ ├── startup_linux │ │ ├── templates │ │ │ └── iosv_default_config.j2 │ │ ├── hosts │ │ └── group_vars │ │ │ └── all │ ├── ospf_neighbors │ │ ├── hosts │ │ ├── group_vars │ │ │ └── all │ │ └── templates │ │ │ └── iosv_default_config.j2 │ ├── etherchannel │ │ ├── hosts │ │ ├── group_vars │ │ │ └── all │ │ └── templates │ │ │ └── iosv_default_config.j2 │ ├── 
tripod_l2 │ │ ├── hosts │ │ ├── group_vars │ │ │ └── all │ │ └── templates │ │ │ └── iosv_default_config.j2 │ ├── ospf_multiarea │ │ ├── hosts │ │ ├── host_vars │ │ │ ├── R2 │ │ │ ├── R3 │ │ │ └── R1 │ │ └── group_vars │ │ │ └── all │ ├── startup_ios │ │ ├── hosts │ │ ├── group_vars │ │ │ └── all │ │ └── templates │ │ │ └── iosv_default_config.j2 │ └── ccna_remote │ │ └── hosts ├── ccna │ ├── group_vars │ │ ├── core │ │ └── blocks │ ├── hosts │ └── host_vars │ │ ├── R1 │ │ ├── AS1 │ │ └── AS2 ├── tripod │ ├── group_vars │ │ ├── core │ │ └── all │ ├── hosts │ └── host_vars │ │ ├── R2 │ │ ├── R3 │ │ └── R1 ├── ccnp │ └── 01_01_02_inter_vlan_routing │ │ ├── host_vars │ │ ├── PC1 │ │ ├── PC2 │ │ ├── PC3 │ │ ├── PC4 │ │ ├── R1 │ │ ├── R3 │ │ └── DS2 │ │ ├── templates │ │ ├── controller_config.j2 │ │ ├── default_config.j2 │ │ ├── end_hosts_config.j2 │ │ └── iosv_config.j2 │ │ ├── hosts │ │ └── group_vars │ │ └── all ├── networking_workshop │ ├── hosts │ └── host_vars │ │ ├── rtr3 │ │ ├── rtr4 │ │ ├── rtr1 │ │ └── rtr2 ├── gateway │ ├── hosts │ ├── host_vars │ │ └── R1 │ └── group_vars │ │ └── all ├── bipod │ ├── hosts │ ├── host_vars │ │ ├── R2 │ │ └── R1 │ └── group_vars │ │ └── all ├── switchblock │ ├── hosts │ ├── group_vars │ │ └── blocks │ └── host_vars │ │ ├── AS1 │ │ └── AS2 └── router_on_a_stick │ ├── hosts │ ├── group_vars │ ├── switches │ └── all │ └── host_vars │ ├── R1 │ ├── SW0 │ └── SW1 ├── .gitignore ├── .ansible-lint ├── Dockerfile ├── .github └── workflows │ └── ansible-lint.yml ├── yamllint.yaml ├── LICENSE └── galaxy.yml /tests/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /playbooks/roles: -------------------------------------------------------------------------------- 1 | ../roles -------------------------------------------------------------------------------- /playbooks/tasks/.keep: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /playbooks/vars/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /playbooks/inventories: -------------------------------------------------------------------------------- 1 | ../inventories -------------------------------------------------------------------------------- /playbooks/library: -------------------------------------------------------------------------------- 1 | ../plugins/modules -------------------------------------------------------------------------------- /playbooks/configs/README.md: -------------------------------------------------------------------------------- 1 | # Configurations 2 | -------------------------------------------------------------------------------- /roles/ios_role/tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | -------------------------------------------------------------------------------- /roles/ios_role/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tasks file for role -------------------------------------------------------------------------------- /roles/ios_role/vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for role -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | ansible 2 | netaddr 3 | gns3fy 4 | pexpect 5 | -------------------------------------------------------------------------------- /roles/ios_role/defaults/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for role -------------------------------------------------------------------------------- /roles/ios_role/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for role -------------------------------------------------------------------------------- /roles/ios_write/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | dir_path: "configs" 3 | -------------------------------------------------------------------------------- /docs/.gitignore: -------------------------------------------------------------------------------- 1 | _site 2 | .sass-cache 3 | .jekyll-cache 4 | .jekyll-metadata 5 | vendor 6 | -------------------------------------------------------------------------------- /roles/ios_dhcp_server/README.md: -------------------------------------------------------------------------------- 1 | # ToDo 2 | 3 | * lease time 4 | * no-dhcp-server role 5 | -------------------------------------------------------------------------------- /inventories/custom/osseclab/host_vars/gateway: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: gateway 3 | domain: example.com 4 | -------------------------------------------------------------------------------- /roles/ios_recursive_dns_server/README.md: -------------------------------------------------------------------------------- 1 | # ToDo 2 | 3 | * lease time 4 | * no-dhcp-server role 5 | -------------------------------------------------------------------------------- /inventories/custom/osseclab_minimal/host_vars/gateway: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: gateway 3 | domain: example.com 4 | -------------------------------------------------------------------------------- 
/roles/ios_role/tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | remote_user: root 4 | roles: 5 | - role -------------------------------------------------------------------------------- /inventories/ccna/group_vars/core: -------------------------------------------------------------------------------- 1 | --- 2 | routing: 3 | eigrp_as: 1 4 | rdnss: 5 | name_server: 1.1.1.1 6 | -------------------------------------------------------------------------------- /inventories/tripod/group_vars/core: -------------------------------------------------------------------------------- 1 | --- 2 | routing: 3 | eigrp_as: 1 4 | rdnss: 5 | name_server: 1.1.1.1 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ansible.log 2 | *.retry 3 | .DS_Store 4 | playbooks/configs/build 5 | tests/push_image.sh 6 | archives/ 7 | -------------------------------------------------------------------------------- /roles/ios_write/tasks/write_memory.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: write memory 3 | ios_config: 4 | save_when: always 5 | -------------------------------------------------------------------------------- /docs/assets/images/ccna_lab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/HEAD/docs/assets/images/ccna_lab.png -------------------------------------------------------------------------------- /docs/assets/images/bipod_lab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/HEAD/docs/assets/images/bipod_lab.png -------------------------------------------------------------------------------- 
/docs/assets/images/tripod_lab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/HEAD/docs/assets/images/tripod_lab.png -------------------------------------------------------------------------------- /docs/assets/images/gateway_lab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/HEAD/docs/assets/images/gateway_lab.png -------------------------------------------------------------------------------- /docs/assets/images/switchblock_lab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/HEAD/docs/assets/images/switchblock_lab.png -------------------------------------------------------------------------------- /inventories/custom/biglan/group_vars/pcs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: "{{ inventory_hostname }}" 3 | interfaces: 4 | - id: "System eth0" 5 | -------------------------------------------------------------------------------- /inventories/custom/smalllan/group_vars/pcs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: "{{ inventory_hostname }}" 3 | interfaces: 4 | - id: "System eth0" 5 | -------------------------------------------------------------------------------- /docs/assets/images/ansible-ccna-lab.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/HEAD/docs/assets/images/ansible-ccna-lab.jpg -------------------------------------------------------------------------------- /docs/assets/images/ccna_lab_control.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/HEAD/docs/assets/images/ccna_lab_control.png -------------------------------------------------------------------------------- /docs/assets/images/tripod_lab_control.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/HEAD/docs/assets/images/tripod_lab_control.png -------------------------------------------------------------------------------- /inventories/custom/osseclab/host_vars/pc1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: pc1 3 | interfaces: 4 | - id: "System eth0" 5 | login_prompt: "localhost login:" 6 | -------------------------------------------------------------------------------- /inventories/custom/osseclab/host_vars/pc2: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: pc2 3 | interfaces: 4 | - id: "System eth0" 5 | login_prompt: "localhost login:" 6 | -------------------------------------------------------------------------------- /docs/assets/images/networking-workshop_lab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/HEAD/docs/assets/images/networking-workshop_lab.png -------------------------------------------------------------------------------- /docs/assets/images/router_on_a_stick_lab.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/HEAD/docs/assets/images/router_on_a_stick_lab.png -------------------------------------------------------------------------------- /roles/ios_ipv4/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: configure_ipv4_addresses.yml 3 | when: ansible_network_os == 'ios' 4 | tags: 5 | - ipv4 6 | 
-------------------------------------------------------------------------------- /roles/ios_disable_dynamic_ipv4_routing/tasks/disable_rip.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: disable rip 3 | ios_config: 4 | defaults: yes 5 | lines: no router rip 6 | -------------------------------------------------------------------------------- /roles/ios_ipv6/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: configure_ipv6_addresses.yml 3 | when: 4 | - ansible_network_os == 'ios' 5 | tags: 6 | - ipv6 7 | -------------------------------------------------------------------------------- /roles/ios_static_routing/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: add_ip_routes.yml 3 | when: 4 | - ansible_network_os == 'ios' 5 | tags: 6 | - static 7 | -------------------------------------------------------------------------------- /roles/ios_interface/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: enable_interfaces.yml 3 | when: ansible_network_os == 'ios' 4 | tags: 5 | - interface 6 | - test 7 | -------------------------------------------------------------------------------- /roles/ios_ipv6_routing/tasks/enable_ipv6_routing.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: enable ipv6 unicast-routing 3 | ios_config: 4 | defaults: yes 5 | lines: ipv6 unicast-routing 6 | -------------------------------------------------------------------------------- /roles/ios_ipv6_routing/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: enable_ipv6_routing.yml 3 | when: 4 | - ansible_network_os == 'ios' 5 | tags: 6 | - ipv6_routing 7 | 
-------------------------------------------------------------------------------- /roles/ios_nat44/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: enable_nat.yml 3 | when: 4 | - ansible_network_os == 'ios' 5 | - nat is defined 6 | tags: 7 | - nat 8 | -------------------------------------------------------------------------------- /roles/ios_etherchannel/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: create_group_channels.yml 3 | when: ansible_network_os == 'ios' 4 | tags: 5 | - etherchannel 6 | - l2 7 | -------------------------------------------------------------------------------- /playbooks/ccna.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # ccna.yml 3 | # Playbook to configure CCNA "switchblock" and "tripod" topologies 4 | - import_playbook: switchblock.yml 5 | - import_playbook: tripod.yml 6 | -------------------------------------------------------------------------------- /playbooks/custom/install_docker.yml: -------------------------------------------------------------------------------- 1 | - hosts: pcs 2 | vars: 3 | pip_install_packages: 4 | - name: docker 5 | roles: 6 | - geerlingguy.pip 7 | - geerlingguy.docker 8 | -------------------------------------------------------------------------------- /roles/ios_fhrp/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: configure_fhrp.yml 3 | when: 4 | - ansible_network_os == 'ios' 5 | - routing.fhrp is defined 6 | tags: 7 | - fhrp 8 | -------------------------------------------------------------------------------- /inventories/custom/biglan/host_vars/controller.yml: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: controller 3 | interfaces: 4 | - id: "System eth0" 5 | ipv4_address: 
"11.12.13.1/24" 6 | ipv4_dns: "127.0.0.1" 7 | -------------------------------------------------------------------------------- /roles/ios_common/tasks/configure_system.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: configure hostname and domain name 3 | ios_system: 4 | hostname: "{{ hostname }}" 5 | domain_name: "{{ domain_name }}" 6 | -------------------------------------------------------------------------------- /roles/ios_disable_dynamic_ipv4_routing/tasks/disable_eigrp4.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: disable eigrp4 3 | ios_config: 4 | defaults: yes 5 | lines: no router eigrp {{ routing.eigrp_as }} 6 | -------------------------------------------------------------------------------- /roles/ios_disable_dynamic_ipv4_routing/tasks/disable_ospfv2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: disable ospfv2 3 | ios_config: 4 | defaults: yes 5 | lines: no router ospf {{ routing.ospf_pid }} 6 | -------------------------------------------------------------------------------- /inventories/custom/smalllan/host_vars/controller.yml: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: controller 3 | interfaces: 4 | - id: "System eth0" 5 | ipv4_address: "11.12.13.1/24" 6 | ipv4_dns: "127.0.0.1" 7 | -------------------------------------------------------------------------------- /roles/ios_ipv4_routing/tasks/enable_ipv4_routing.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: enable ipv4 routing 3 | ios_config: 4 | defaults: yes 5 | lines: ip routing 6 | when: 7 | - routing is defined 8 | -------------------------------------------------------------------------------- /roles/ios_ipv4_routing/tasks/main.yml: 
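--------------------------------------------------------------------------------
1 | ---
2 | - import_tasks: enable_ipv4_routing.yml
3 |   when:
4 |     - ansible_network_os == 'ios'
5 |     - routing is defined
6 |   tags:
7 |     - ipv4_routing
8 | 
--------------------------------------------------------------------------------
/roles/ios_dhcp_server/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Import the DHCP server tasks for IOS hosts that define dhcp.dhcp_pool.
3 | - import_tasks: enable_dhcp_server.yml
4 |   when:
5 |     - ansible_network_os == 'ios'
6 |     - dhcp.dhcp_pool is defined
7 |   tags:
8 |     - dhcp-server
9 | 
--------------------------------------------------------------------------------
/roles/ios_no_ipv4_routing/tasks/disable_ipv4_routing.yml:
--------------------------------------------------------------------------------
1 | # Turn IPv4 routing off on hosts whose `routing` variable is undefined or empty.
2 | - name: disable ipv4 routing
3 |   ios_config:
4 |     defaults: yes
5 |     lines: no ip routing
6 |   # Definedness is tested first so that `or` short-circuits before `routing`
7 |   # itself is evaluated; `not routing` on an undefined variable can raise an
8 |   # undefined-variable error, depending on the ansible-core version in use.
9 |   when: routing is not defined or not routing
10 | 
--------------------------------------------------------------------------------
/roles/ios_spanningtree/tasks/main.yml:
--------------------------------------------------------------------------------
1 | # Import the spanning-tree tasks for IOS hosts that define stp.mode.
2 | - import_tasks: configure-spanning-tree.yml
3 |   when:
4 |     - ansible_network_os == 'ios'
5 |     - stp.mode is defined
6 |   tags:
7 |     - stp
8 |     - l2
9 | 
--------------------------------------------------------------------------------
/inventories/custom/biglan/templates/pcs_config.j2:
--------------------------------------------------------------------------------
1 | {# Commands for the lab PCs: new machine-id, hostname, empty MOTD. `hostname` is
2 |    inserted unquoted, so it must be a plain host name (or use the `quote` filter). -#}
3 | rm -f /etc/machine-id
4 | systemd-machine-id-setup
5 | hostnamectl set-hostname {{ hostname }}
6 | echo {{ hostname }} > /etc/hostname
7 | echo "" > /etc/motd
8 | 
--------------------------------------------------------------------------------
/roles/ios_recursive_dns_server/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - import_tasks: enable_recursive_dns_server.yml
3 |   when:
4 |     - ansible_network_os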
== 'ios' 5 | - rdnss is defined 6 | tags: 7 | - rdnss 8 | -------------------------------------------------------------------------------- /inventories/custom/smalllan/templates/pcs_config.j2: -------------------------------------------------------------------------------- 1 | rm -f /etc/machine-id 2 | systemd-machine-id-setup 3 | hostnamectl set-hostname {{ hostname }} 4 | echo {{ hostname }} > /etc/hostname 5 | echo "" > /etc/motd 6 | -------------------------------------------------------------------------------- /inventories/custom/osseclab/host_vars/controller: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: srv1 3 | interfaces: 4 | - id: "System eth0" 5 | ipv4_address: "11.12.13.1/24" 6 | ipv4_dns: "11.12.13.1" 7 | login_prompt: "localhost login:" 8 | -------------------------------------------------------------------------------- /roles/ios_ospfv3/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: enable_ospfv3.yml 3 | when: 4 | - ansible_network_os == 'ios' 5 | - routing.rid is defined 6 | tags: 7 | - ospfv3 8 | - ipv6_dynamic_routing 9 | -------------------------------------------------------------------------------- /playbooks/demos/disable_dynamic_ipv4_routing.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: cisco 3 | gather_facts: False 4 | tasks: 5 | - name: disable dynamic routing 6 | import_role: 7 | name: ios_disable_dynamic_ipv4_routing 8 | -------------------------------------------------------------------------------- /inventories/custom/osseclab_minimal/host_vars/controller: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: srv1 3 | interfaces: 4 | - id: "System eth0" 5 | ipv4_address: "11.12.13.1/24" 6 | ipv4_dns: "11.12.13.1" 7 | login_prompt: "almalinux9 login:" 8 | 
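--------------------------------------------------------------------------------
/roles/ios_no_ipv4_routing/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Import the "no ip routing" task for IOS hosts whose `routing` variable is
3 | # undefined or empty. disable_ipv4_routing.yml repeats this condition on its own
4 | # task, so both conditions need the same operand order.
5 | - import_tasks: disable_ipv4_routing.yml
6 |   when:
7 |     - ansible_network_os == 'ios'
8 |     # Definedness first: `or` then short-circuits before `not routing` is
9 |     # evaluated, which can raise on an undefined variable depending on the
10 |     # ansible-core version in use.
11 |     - routing is not defined or not routing
12 |   tags:
13 |     - no_ipv4_routing
14 | 
--------------------------------------------------------------------------------
/tests/setup.service:
--------------------------------------------------------------------------------
1 | # Starts /root/setup.sh after network.target. No User= is set, so when this is
2 | # installed as a system unit the script runs as root: keep /root/setup.sh
3 | # root-owned and not writable by any other account.
4 | [Unit]
5 | Description=Setup script
6 | After=network.target
7 | 
8 | [Service]
9 | Type=simple
10 | ExecStart=/root/setup.sh
11 | TimeoutStartSec=0
12 | 
13 | [Install]
14 | WantedBy=default.target
15 | 
--------------------------------------------------------------------------------
/roles/ios_write/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Save the running configuration (IOS hosts only), then run get_config.yml.
3 | # The second import carries no `when`, so it applies to every host of the play.
4 | - import_tasks: write_memory.yml
5 |   when: ansible_network_os == 'ios'
6 |   tags:
7 |     - write
8 |     - save
9 | - import_tasks: get_config.yml
10 |   tags:
11 |     - write
12 |     - save
13 | 
--------------------------------------------------------------------------------
/.ansible-lint:
--------------------------------------------------------------------------------
1 | skip_list:  # rules and tags listed here are skipped entirely, not just warned about
2 |   - experimental  # all rules tagged as experimental
3 |   - fqcn-builtins  # Use FQCN for builtin actions.
4 |   - yaml  # Violations reported by yamllint.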
5 |   - schema
6 | 
--------------------------------------------------------------------------------
/roles/ios_eigrp6/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Import the EIGRP for IPv6 tasks for IOS hosts that define both
3 | # routing.eigrp_as and routing.rid.
4 | - import_tasks: enable_eigrp6.yml
5 |   when:
6 |     - ansible_network_os == 'ios'
7 |     - routing.eigrp_as is defined
8 |     - routing.rid is defined
9 |   tags:
10 |     - eigrp6
11 |     - ipv6_dynamic_routing
12 | 
--------------------------------------------------------------------------------
/inventories/ccnp/01_01_02_inter_vlan_routing/host_vars/PC1:
--------------------------------------------------------------------------------
1 | ---
2 | hostname: PC1
3 | interfaces:
4 |   - id: "System eth0"
5 |     ipv4_address: "10.2.50.50/24"
6 |     ipv4_gateway: "10.2.50.1"
7 |     ipv6_address: "2001:db8:acad:1050::50/64"
8 |     ipv6_gateway: "fe80::d1:2"
9 | 
--------------------------------------------------------------------------------
/inventories/ccnp/01_01_02_inter_vlan_routing/host_vars/PC2:
--------------------------------------------------------------------------------
1 | ---
2 | hostname: PC2
3 | interfaces:
4 |   - id: "System eth0"
5 |     ipv4_address: "10.2.60.50/24"
6 |     ipv4_gateway: "10.2.60.1"
7 |     ipv6_address: "2001:db8:acad:1060::50/64"
8 |     ipv6_gateway: "fe80::d1:3"
9 | 
--------------------------------------------------------------------------------
/inventories/ccnp/01_01_02_inter_vlan_routing/host_vars/PC3:
--------------------------------------------------------------------------------
1 | ---
2 | hostname: PC3
3 | interfaces:
4 |   - id: "System eth0"
5 |     ipv4_address: "10.3.75.50/24"
6 |     ipv4_gateway: "10.3.75.1"
7 |     ipv6_address: "2001:db8:acad:3075::50/64"
8 |     ipv6_gateway: "fe80::3:2"
9 | 
--------------------------------------------------------------------------------
/inventories/ccnp/01_01_02_inter_vlan_routing/host_vars/PC4:
--------------------------------------------------------------------------------
1 | ---
2 | hostname: PC4
3 | interfaces:
4 |   - id: "System eth0"
5 |     ipv4_address: "10.3.85.50/24"
6 |     ipv4_gateway: "10.3.85.1"
7 |     ipv6_address: "2001:db8:acad:3085::50/64"
8 |     ipv6_gateway: "fe80::3:3"
9 | 
--------------------------------------------------------------------------------
/inventories/custom/osseclab/templates/clients_config.j2:
--------------------------------------------------------------------------------
1 | {# Commands for the osseclab clients: new machine-id, hostname, empty MOTD.
2 |    `hostname` is inserted unquoted, so it must be a plain host name. -#}
3 | rm -f /etc/machine-id
4 | systemd-machine-id-setup
5 | hostnamectl set-hostname {{ hostname }}
6 | echo {{ hostname }} > /etc/hostname
7 | echo "" > /etc/motd
8 | {# The sed below rewrites a commented-out PermitRootLogin line to `PermitRootLogin yes`:
9 |    once sshd re-reads its config (no reload is issued here) root may log in over SSH
10 |    with any enabled method, passwords included. Only for an isolated lab network;
11 |    `PermitRootLogin prohibit-password` would keep root reachable by key only. -#}
12 | sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config
13 | 
--------------------------------------------------------------------------------
/inventories/custom/startup_linux/templates/iosv_default_config.j2:
--------------------------------------------------------------------------------
1 | {# IOS bootstrap commands: set the hostname; when image_style is "iosv_l2" also turn
2 |    off IP routing and remove the exec/incoming/login banners; then save the config. -#}
3 | configure terminal
4 | hostname {{ inventory_hostname }}
5 | {% if image_style == "iosv_l2" %}
6 | no ip routing
7 | no banner exec
8 | no banner incoming
9 | no banner login
10 | {% endif %}
11 | end
12 | write memory
13 | 
--------------------------------------------------------------------------------
/inventories/custom/biglan/templates/default_config.j2:
--------------------------------------------------------------------------------
1 | {# Dispatcher: for image_style "centos", include the controller template on the host
2 |    named "controller" and the PC template on members of the `pcs` group. -#}
3 | {% if inventory_hostname == "controller" and image_style == "centos" %}
4 | {% include 'controller_config.j2' %}
5 | {% endif %}
6 | {% if inventory_hostname in groups['pcs'] and image_style == "centos" %}
7 | {% include 'pcs_config.j2' %}
8 | {% endif %}
9 | 
--------------------------------------------------------------------------------
/playbooks/demos/check_facts.yml:
--------------------------------------------------------------------------------
1 | ---
2 | # Demo: gather IOS facts on the `cisco` group and print the operational status
3 | # of GigabitEthernet0/0.
4 | - name: CHECK FACTS
5 |   hosts: cisco
6 |   gather_facts: no
7 |   tasks:
8 |     - name: GATHER ROUTER FACTS
9 |       ios_facts:
10 |       # print_output is registered but not read by the debug task below, which
11 |       # prints the ansible_net_interfaces fact instead.
12 |       register: print_output
13 |     - debug:
14 |         var: ansible_net_interfaces['GigabitEthernet0/0'].operstatus
15 | 
--------------------------------------------------------------------------------
/roles/ios_common/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Import the banner and system configuration task files, both restricted to
# hosts whose ansible_network_os is 'ios'.
- import_tasks: configure_banners.yml
  when:
    - ansible_network_os == 'ios'
  tags:
    - banners
    - common
- import_tasks: configure_system.yml
  when:
    - ansible_network_os == 'ios'
  tags:
    - common

--------------------------------------------------------------------------------
/inventories/custom/smalllan/templates/default_config.j2:
--------------------------------------------------------------------------------
{# Dispatcher: includes controller_config.j2 for the host named "controller" and pcs_config.j2 for members of the pcs group, in both cases only when image_style is "centos". -#}
{% if inventory_hostname == "controller" and image_style == "centos" %}
{% include 'controller_config.j2' %}
{% endif %}
{% if inventory_hostname in groups['pcs'] and image_style == "centos" %}
{% include 'pcs_config.j2' %}
{% endif %}

--------------------------------------------------------------------------------
/inventories/custom/ospf_neighbors/hosts:
--------------------------------------------------------------------------------
# Inventory for five IOS routers (R1-R5) reached over SSH with network_cli.
# NOTE(review): the connection user is root and its password is stored in
# clear text in a file that is committed to the repository. That is only
# tolerable for throw-away lab devices on an isolated network. For anything
# longer-lived, keep the secret in an Ansible Vault-encrypted vars file or
# supply it at run time (--ask-pass), and do not reuse this password.
[all:vars]
ansible_user=root
ansible_ssh_pass=testtest
ansible_port=22
ansible_connection=network_cli
ansible_network_os=ios
mgmt_interface=GigabitEthernet0/7
image_style=iosv_l3

[routers]
R1
R2
R3
R4
R5

--------------------------------------------------------------------------------
/playbooks/ccnp/icmp_ping.yml:
--------------------------------------------------------------------------------
---
# icmp_ping.yml -e "destination=10.3.85.50"
# Sends one echo request from every host in end_hosts to the address given in
# the extra variable "destination", using ping or ping6 by address family.
# NOTE(review): "destination" is interpolated into a command line run through
# the shell module. The ipv4/ipv6 conditions are the only input check here
# (presumably they evaluate false for anything that is not an address, so
# shell metacharacters never reach the command) -- keep them if this play is
# edited. The command module with an argv list would avoid the shell entirely.
- hosts: end_hosts
  gather_facts: False
  tasks:
    - shell: "ping -c 1 {{ destination }}"
      when: destination | ipv4
    - shell: "ping6 -c 1 {{ destination }}"
      when: destination | ipv6

--------------------------------------------------------------------------------
/roles/ios_rip/tasks/static_to_rip.yml:
-------------------------------------------------------------------------------- 1 | --- 2 | - name: redistribute static nat route to rip 3 | ios_config: 4 | defaults: no 5 | parents: router rip 6 | lines: 7 | - default-information originate 8 | when: 9 | - interfaces | selectattr('rip', 'defined') | list 10 | - nat is defined 11 | -------------------------------------------------------------------------------- /roles/ios_vlans/tasks/create_vlans.yml: -------------------------------------------------------------------------------- 1 | - name: create vlans 2 | ios_vlans: 3 | config: 4 | - name: "{{ item.name }}" 5 | vlan_id: "{{ item.id }}" 6 | state: active 7 | shutdown: disabled 8 | loop: "{{ vlans }}" 9 | when: 10 | - item.name is defined 11 | - item.id is defined 12 | -------------------------------------------------------------------------------- /roles/ios_recursive_dns_server/tasks/enable_recursive_dns_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: enable recursive dns server 3 | ios_config: 4 | defaults: yes 5 | lines: 6 | - "ip domain lookup" 7 | - "ip name-server {{ rdnss.name_server | default('1.1.1.1') }}" 8 | - "ip dns server" 9 | when: rdnss is defined 10 | -------------------------------------------------------------------------------- /playbooks/demos/standalone.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # standalone.yml 3 | - hosts: R1 4 | gather_facts: False 5 | roles: 6 | - role: common 7 | - role: interface 8 | - role: ipv4 9 | - role: ipv6 10 | - role: ipv4-routing 11 | - role: ipv6-routing 12 | - role: dhcp-server 13 | - role: nat 14 | - role: write 15 | -------------------------------------------------------------------------------- /inventories/custom/biglan/hosts: -------------------------------------------------------------------------------- 1 | [controllers] 2 | controller 3 | 4 | [pcs] 5 | pc[1:15] 6 | 7 | 
[linux:children] 8 | pcs 9 | controllers 10 | 11 | [linux:vars] 12 | image_style=centos 13 | ansible_network_os="" 14 | ansible_connection=ssh 15 | 16 | [all:vars] 17 | ansible_user=root 18 | ansible_ssh_pass=testtest 19 | ansible_port=22 20 |
--------------------------------------------------------------------------------
/inventories/custom/osseclab/host_vars/srv2:
--------------------------------------------------------------------------------
---
# Host variables for srv2: static IPv4 address, gateway and DNS server for one
# interface, plus the console login prompt string; IPv6 values are commented out.
hostname: srv2
interfaces:
  - id: "System eth0"
    ipv4_address: "192.168.2.20/24"
    ipv4_gateway: "192.168.2.1"
    ipv4_dns: "192.168.1.1"
    # ipv6_address: "2001:db8:acad:3085::50/64"
    # ipv6_gateway: "fe80::3:3"
login_prompt: "localhost login:"

--------------------------------------------------------------------------------
/inventories/custom/smalllan/hosts:
--------------------------------------------------------------------------------
# Inventory for the smalllan lab: one controller and pc1..pc4, all in the
# linux group and reached over plain SSH.
# NOTE(review): every host is accessed as root with a password stored in
# clear text in this committed file. Acceptable only for disposable lab VMs on
# an isolated network; otherwise move the secret to an Ansible Vault-encrypted
# vars file or use SSH keys.
[controllers]
controller

[pcs]
pc[1:4]

[linux:children]
pcs
controllers

[linux:vars]
image_style=centos
ansible_network_os=""
ansible_connection=ssh

[all:vars]
ansible_user=root
ansible_ssh_pass=testtest
ansible_port=22

--------------------------------------------------------------------------------
/roles/ios_eigrp4/tasks/static_to_eigrp4.yml:
--------------------------------------------------------------------------------
---
# Adds "redistribute static" under "router eigrp <routing.eigrp_as>" when nat
# is defined and at least one interface entry has an eigrp4 attribute.
- name: redistribute static nat route to eigrp4
  ios_config:
    defaults: yes
    parents: router eigrp {{ routing.eigrp_as }}
    lines:
      - redistribute static
  when:
    - interfaces | selectattr('eigrp4', 'defined') | list
    - nat is defined

--------------------------------------------------------------------------------
/inventories/ccnp/01_01_02_inter_vlan_routing/templates/controller_config.j2:
--------------------------------------------------------------------------------
{# Shell commands for the controller node: regenerate the machine-id, set the hostname to "controller", then download setup-controller.sh and run it in the background. -#}
rm -f /etc/machine-id
systemd-machine-id-setup
hostnamectl set-hostname controller
echo controller > /etc/hostname
{# NOTE(review): the script is fetched from the mutable master branch and executed with no integrity check, so whatever that URL serves at boot time runs on the controller (presumably as root, since the inventories on this page log in as root). Pin the URL to a commit SHA and verify a known checksum before running it. curl is called with -s but without --fail, so an HTTP error body would still be written to setup.sh and handed to bash. -#}
curl -s https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/setup-controller.sh -o setup.sh
bash setup.sh &
disown %1

--------------------------------------------------------------------------------
/inventories/custom/osseclab/host_vars/srv1:
--------------------------------------------------------------------------------
---
# Host variables for srv1: static IPv4 address, gateway and DNS server for one
# interface, plus the console login prompt string; IPv6 values are commented out.
hostname: srv1
interfaces:
  - id: "System eth0"
    ipv4_address: "192.168.1.10/24"
    ipv4_gateway: "192.168.1.1"
    ipv4_dns: "192.168.1.1"
    # ipv6_address: "2001:db8:acad:1060::50/64"
    # ipv6_gateway: "fe80::d1:3"
login_prompt: "localhost login:"

--------------------------------------------------------------------------------
/inventories/custom/osseclab_minimal/host_vars/srv1:
--------------------------------------------------------------------------------
---
# Same values as the osseclab srv1 file except for the login prompt string.
hostname: srv1
interfaces:
  - id: "System eth0"
    ipv4_address: "192.168.1.10/24"
    ipv4_gateway: "192.168.1.1"
    ipv4_dns: "192.168.1.1"
    # ipv6_address: "2001:db8:acad:1060::50/64"
    # ipv6_gateway: "fe80::d1:3"
login_prompt: "almalinux9 login:"

--------------------------------------------------------------------------------
/inventories/custom/osseclab_minimal/host_vars/srv2:
--------------------------------------------------------------------------------
---
# Same values as the osseclab srv2 file except for the login prompt string.
hostname: srv2
interfaces:
  - id: "System eth0"
    ipv4_address: "192.168.2.20/24"
    ipv4_gateway: "192.168.2.1"
    ipv4_dns: "192.168.1.1"
    # ipv6_address: "2001:db8:acad:3085::50/64"
    # ipv6_gateway: "fe80::3:3"
login_prompt: "almalinux9 login:"

--------------------------------------------------------------------------------
/tests/get_projects.py:
--------------------------------------------------------------------------------
1 | from gns3fy import Gns3Connector, Project 2 | from
tabulate import tabulate 3 | server = Gns3Connector("http://172.16.253.1:3080") 4 | print( 5 | tabulate( 6 | server.projects_summary(is_print=False), 7 | headers=["Project Name", "Project ID", "Total Nodes", "Status"], 8 | ) 9 | ) 10 | -------------------------------------------------------------------------------- /roles/ios_etherchannel/tasks/create_group_channels.yml: -------------------------------------------------------------------------------- 1 | - name: set link aggregation group to members 2 | ios_linkagg: 3 | group: "{{ item.id }}" 4 | mode: "{{ item.mode }}" 5 | members: 6 | - "{{ item.interfaces[0] }}" 7 | - "{{ item.interfaces[1] }}" 8 | loop: "{{ group_channels }}" 9 | when: group_channels is defined 10 | -------------------------------------------------------------------------------- /roles/ios_ospfv2/tasks/static_to_ospfv2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: redistribute static nat route to ospfv2 3 | ios_config: 4 | defaults: yes 5 | parents: router ospf {{ routing.ospf_pid | default(1) }} 6 | lines: 7 | - default-information originate 8 | when: 9 | - nat is defined 10 | - interfaces | selectattr('ospfv2', 'defined') | list 11 | -------------------------------------------------------------------------------- /playbooks/networking_workshop.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # networking_workshop.yml 3 | - hosts: all 4 | gather_facts: False 5 | roles: 6 | - role: ios_common 7 | - role: ios_interface 8 | - role: ios_ipv4 9 | - role: ios_ipv4_routing 10 | - role: ios_ospfv2 11 | when: '"ospf" in ipv4.routing' 12 | - role: ios_dhcp_server 13 | - role: ios_write 14 | -------------------------------------------------------------------------------- /roles/ios_rip/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: enable_rip.yml 3 | when: 4 | - 
ansible_network_os == 'ios' 5 | tags: 6 | - rip 7 | - ipv4_dynamic_routing 8 | - import_tasks: static_to_rip.yml 9 | when: 10 | - ansible_network_os == 'ios' 11 | - nat is defined 12 | tags: 13 | - rip 14 | - static_to_rip 15 | - ipv4_dynamic_routing 16 |
--------------------------------------------------------------------------------
/docs/.editorconfig:
--------------------------------------------------------------------------------
# https://editorconfig.org
# Editor settings for the docs tree: UTF-8, LF line endings, 2-space indent and
# an 80-column limit; Markdown files and commit messages lift the length limit.
root = true

[*]
charset = utf-8
end_of_line = lf
indent_size = 2
indent_style = space
insert_final_newline = true
max_line_length = 80
trim_trailing_whitespace = true

[*.md]
max_line_length = 0
trim_trailing_whitespace = false

[COMMIT_EDITMSG]
max_line_length = 0

--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# Image with Ansible, a telnet client and the Python packages installed below
# (netaddr, pexpect, gns3fy, pydantic, mazer).
# NOTE(review): python:3.6 is an end-of-life interpreter line (upstream support
# ended in December 2021), so this base no longer receives Python security
# fixes. Move to a supported tag and pin it by digest.
# NOTE(review): ansible, netaddr, pexpect and mazer are installed unpinned, so
# every build can pull different code. Pin versions (ideally with hashes in a
# requirements file), as is already done for gns3fy and pydantic.
# NOTE(review): there is no USER instruction, so processes in the container run
# as root; add an unprivileged user if the image is used beyond a local lab.
FROM python:3.6

RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -qq -y install \
    telnet

RUN pip3 install pip --upgrade

RUN pip3 install ansible

RUN pip3 install netaddr

RUN pip3 install pexpect

RUN pip3 install gns3fy==0.8.0

RUN pip3 install pydantic==1.9.2

RUN pip3 install mazer

--------------------------------------------------------------------------------
/roles/ios_ospfv2/tasks/main.yml:
--------------------------------------------------------------------------------
---
# Import the OSPFv2 task files for IOS hosts; static_to_ospfv2.yml is imported
# only when nat is also defined.
- import_tasks: enable_ospfv2.yml
  when:
    - ansible_network_os == 'ios'
  tags:
    - ospfv2
    - ipv4_dynamic_routing
- import_tasks: static_to_ospfv2.yml
  when:
    - ansible_network_os == 'ios'
    - nat is defined
  tags:
    - ospfv2
    - static_to_ospfv2
    - ipv4_dynamic_routing

--------------------------------------------------------------------------------
/playbooks/gateway.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # gateway.yml 3 | - hosts: core 4 | gather_facts: False 5 | roles: 6 | - role: ios_common 7 | - role: ios_interface 8 | - role: ios_ipv4 9 | - role: ios_ipv6 10 | - role: ios_ipv4_routing 11 | - role: ios_ipv6_routing 12 | - role: ios_nat44 13 | - role: ios_recursive_dns_server 14 | - role: ios_dhcp_server 15 | - role: ios_write 16 | -------------------------------------------------------------------------------- /inventories/networking_workshop/hosts: -------------------------------------------------------------------------------- 1 | [routers:children] 2 | cisco 3 | 4 | [cisco] 5 | rtr1 6 | rtr2 7 | rtr3 8 | rtr4 9 | 10 | [cisco:vars] 11 | ansible_user=root 12 | ansible_ssh_pass=testtest 13 | ansible_port=22 14 | ansible_connection=network_cli 15 | ansible_network_os=ios 16 | mgmt_interface=GigabitEthernet0/7 17 | image_style=iosv_l3 18 | 19 | [dc1] 20 | rtr1 21 | rtr3 22 | 23 | [dc2] 24 | rtr2 25 | rtr4 26 | -------------------------------------------------------------------------------- /inventories/custom/etherchannel/hosts: -------------------------------------------------------------------------------- 1 | [all:vars] 2 | #method=modules # modules or templating 3 | 4 | [switches] 5 | SW0 6 | SW1 7 | 8 | [cisco:children] 9 | switches 10 | 11 | [switches:vars] 12 | mgmt_interface=GigabitEthernet3/3 13 | image_style=iosv_l2 14 | 15 | [cisco:vars] 16 | ansible_user=root 17 | ansible_ssh_pass=testtest 18 | ansible_port=22 19 | ansible_connection=network_cli 20 | ansible_network_os=ios 21 | -------------------------------------------------------------------------------- /inventories/custom/tripod_l2/hosts: -------------------------------------------------------------------------------- 1 | [all:vars] 2 | #method=modules # modules or templating 3 | 4 | [switches] 5 | SW1 6 | SW2 7 | SW3 8 | 9 | [cisco:children] 10 | switches 11 | 12 | [switches:vars] 
13 | mgmt_interface=GigabitEthernet3/3 14 | image_style=iosv_l2 15 | 16 | [cisco:vars] 17 | ansible_user=root 18 | ansible_ssh_pass=testtest 19 | ansible_port=22 20 | ansible_connection=network_cli 21 | ansible_network_os=ios 22 | -------------------------------------------------------------------------------- /roles/ios_disable_dynamic_ipv4_routing/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: disable_rip.yml 3 | when: 4 | - ansible_network_os == 'ios' 5 | tags: 6 | - disable-rip 7 | - import_tasks: disable_eigrp4.yml 8 | when: 9 | - ansible_network_os == 'ios' 10 | tags: 11 | - disable-eigrp4 12 | - import_tasks: disable_ospfv2.yml 13 | when: 14 | - ansible_network_os == 'ios' 15 | tags: 16 | - disable-ospfv2 17 | -------------------------------------------------------------------------------- /roles/ios_etherchannel/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure etherchannel links 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - etherchannel 12 | platforms: 13 | - name: vios_l2-ADVENTERPRISEK9-M 14 | versions: 15 | - 15.2(20170321:233949) 16 | dependencies: 17 | - role: ios_interface 18 | -------------------------------------------------------------------------------- /inventories/custom/startup_linux/hosts: -------------------------------------------------------------------------------- 1 | [all:vars] 2 | #method=modules # modules or templating 3 | 4 | [stick] 5 | SW0 6 | 7 | [switches:children] 8 | stick 9 | 10 | [cisco:children] 11 | stick 12 | 13 | [stick:vars] 14 | mgmt_interface=GigabitEthernet3/3 15 | image_style=iosv_l2 16 | 17 | [cisco:vars] 18 | ansible_user=root 19 | ansible_ssh_pass=testtest 20 | ansible_port=22 21 | ansible_connection=network_cli 22 | ansible_network_os=ios 23 | 
-------------------------------------------------------------------------------- /inventories/gateway/hosts: -------------------------------------------------------------------------------- 1 | [all:vars] 2 | #method=modules # modules or templating not yet implemented 3 | 4 | [core] 5 | R1 6 | 7 | [routers:children] 8 | core 9 | 10 | [cisco:children] 11 | core 12 | 13 | [core:vars] 14 | mgmt_interface=GigabitEthernet0/7 15 | image_style=iosv_l3 16 | 17 | [cisco:vars] 18 | ansible_user=root 19 | ansible_ssh_pass=testtest 20 | ansible_port=22 21 | ansible_connection=network_cli 22 | ansible_network_os=ios 23 | -------------------------------------------------------------------------------- /inventories/bipod/hosts: -------------------------------------------------------------------------------- 1 | [all:vars] 2 | #method=modules # modules or templating not yet implemented 3 | 4 | [core] 5 | R1 6 | R2 7 | 8 | [routers:children] 9 | core 10 | 11 | [cisco:children] 12 | core 13 | 14 | [core:vars] 15 | mgmt_interface=GigabitEthernet0/7 16 | image_style=iosv_l3 17 | 18 | [cisco:vars] 19 | ansible_user=root 20 | ansible_ssh_pass=testtest 21 | ansible_port=22 22 | ansible_connection=network_cli 23 | ansible_network_os=ios 24 | -------------------------------------------------------------------------------- /inventories/ccnp/01_01_02_inter_vlan_routing/templates/default_config.j2: -------------------------------------------------------------------------------- 1 | {% if image_style == "iosv_l2" or image_style == "iosv_l3" %} 2 | {% include 'iosv_config.j2' %} 3 | {% endif %} 4 | {% if inventory_hostname in groups['end_hosts'] and image_style == "linux" %} 5 | {% include 'end_hosts_config.j2' %} 6 | {% endif %} 7 | {% if inventory_hostname == "controller" and image_style == "linux" %} 8 | {% include 'controller_config.j2' %} 9 | {% endif %} 10 | -------------------------------------------------------------------------------- 
/inventories/custom/osseclab_minimal/templates/default_config.j2: -------------------------------------------------------------------------------- 1 | {% if inventory_hostname in groups['servers'] and image_style == "centos" %} 2 | {% include 'servers_config.j2' %} 3 | {% endif %} 4 | {% if inventory_hostname == "gateway" and image_style == "openwrt" %} 5 | {% include 'openwrt_config.j2' %} 6 | {% endif %} 7 | {% if inventory_hostname == "controller" and image_style == "centos" %} 8 | {% include 'controller_config.j2' %} 9 | {% endif %} 10 | -------------------------------------------------------------------------------- /inventories/tripod/hosts: -------------------------------------------------------------------------------- 1 | [all:vars] 2 | #method=modules # modules or templating not yet implemented 3 | 4 | [core] 5 | R1 6 | R2 7 | R3 8 | 9 | [routers:children] 10 | core 11 | 12 | [cisco:children] 13 | core 14 | 15 | [core:vars] 16 | mgmt_interface=GigabitEthernet0/7 17 | image_style=iosv_l3 18 | 19 | [cisco:vars] 20 | ansible_user=root 21 | ansible_ssh_pass=testtest 22 | ansible_port=22 23 | ansible_connection=network_cli 24 | ansible_network_os=ios 25 | -------------------------------------------------------------------------------- /roles/ios_spanningtree/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure spanning-tree 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - spanningtree 12 | platforms: 13 | - name: vios_l2-ADVENTERPRISEK9-M 14 | versions: 15 | - 15.2(20170321:233949) 16 | dependencies: 17 | - role: ios_interface 18 | - role: ios_vlans 19 | -------------------------------------------------------------------------------- /roles/ios_vlans/tasks/configure_trunk_ports.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: 
configure trunk ports 3 | ios_config: 4 | defaults: yes 5 | parents: interface {{ item.id }} 6 | lines: 7 | - switchport trunk encapsulation dot1q 8 | - switchport trunk native vlan {{ item.trunk.native | default('1') }} 9 | - switchport mode trunk 10 | loop: "{{ interfaces | selectattr('trunk', 'defined') | list }}" 11 | when: 12 | - item.trunk is defined 13 | -------------------------------------------------------------------------------- /roles/ios_write/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: save and get configurations 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | platforms: 12 | - name: VIOS-ADVENTERPRISEK9-M 13 | versions: 14 | - 15.6(2)T 15 | - name: vios_l2-ADVENTERPRISEK9-M 16 | versions: 17 | - 15.2(20170321:233949) 18 | dependencies: 19 | -------------------------------------------------------------------------------- /roles/ios_eigrp4/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: enable_eigrp4.yml 3 | when: 4 | - ansible_network_os == 'ios' 5 | - routing.eigrp_as is defined 6 | tags: 7 | - eigrp4 8 | - ipv4_dynamic_routing 9 | - import_tasks: static_to_eigrp4.yml 10 | when: 11 | - ansible_network_os == 'ios' 12 | - routing.eigrp_as is defined 13 | - nat is defined 14 | tags: 15 | - eigrp4 16 | - static_to_eigrp4 17 | - ipv4_dynamic_routing 18 | -------------------------------------------------------------------------------- /inventories/custom/ospf_multiarea/hosts: -------------------------------------------------------------------------------- 1 | [all:vars] 2 | #method=modules # modules or templating not yet implemented 3 | 4 | [core] 5 | R1 6 | R2 7 | R3 8 | 9 | [routers:children] 10 | core 11 | 12 | [cisco:children] 13 | core 14 | 15 | [core:vars] 16 | mgmt_interface=GigabitEthernet0/7 17 | 
image_style=iosv_l3 18 | 19 | [cisco:vars] 20 | ansible_user=root 21 | ansible_ssh_pass=testtest 22 | ansible_port=22 23 | ansible_connection=network_cli 24 | ansible_network_os=ios 25 |
--------------------------------------------------------------------------------
/roles/ios_interface/meta/main.yml:
--------------------------------------------------------------------------------
---
# Galaxy metadata for the ios_interface role; it declares no role dependencies.
galaxy_info:
  author: goffinet
  description: enable interfaces
  license: CC-BY-4.0
  min_ansible_version: 2.9
  galaxy_tags:
    - cisco
    - iosv
    - ccna
    - interfaces
  platforms:
    - name: VIOS-ADVENTERPRISEK9-M
      versions:
        - 15.6(2)T
    - name: vios_l2-ADVENTERPRISEK9-M
      versions:
        - 15.2(20170321:233949)
dependencies:

--------------------------------------------------------------------------------
/roles/ios_no_ipv4_routing/meta/main.yml:
--------------------------------------------------------------------------------
---
# Galaxy metadata for the ios_no_ipv4_routing role; it declares no role
# dependencies.
galaxy_info:
  author: goffinet
  description: disable IPv4 routing
  license: CC-BY-4.0
  min_ansible_version: 2.9
  galaxy_tags:
    - cisco
    - iosv
    - ccna
    - routing
  platforms:
    - name: VIOS-ADVENTERPRISEK9-M
      versions:
        - 15.6(2)T
    - name: vios_l2-ADVENTERPRISEK9-M
      versions:
        - 15.2(20170321:233949)
dependencies:

--------------------------------------------------------------------------------
/.github/workflows/ansible-lint.yml:
--------------------------------------------------------------------------------
# Runs ansible-lint over roles/* on every push and pull request.
# NOTE(review): both actions are referenced by mutable refs (the v3 tag and the
# main branch), so the code that runs in CI can change without any change in
# this repository. Pin each `uses:` to a full commit SHA and update it
# deliberately.
# NOTE(review): there is no `permissions:` block, so the job runs with the
# repository's default GITHUB_TOKEN permissions. A lint job only needs read
# access; declaring `permissions: contents: read` limits what a compromised
# action could do.
name: Ansible Lint  # feel free to pick your own name

on: [push, pull_request]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Important: This sets up your GITHUB_WORKSPACE environment variable
      - uses: actions/checkout@v3
      - name: Lint Ansible Playbook
        # replace "master" with any valid ref
        uses: ansible/ansible-lint-action@main
        with:
          path: "roles/*"
-------------------------------------------------------------------------------- /playbooks/bipod.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # bipod.yml 3 | - hosts: core 4 | gather_facts: False 5 | roles: 6 | - role: ios_common 7 | - role: ios_interface 8 | - role: ios_ipv4 9 | - role: ios_ipv6 10 | - role: ios_ipv4_routing 11 | - role: ios_ipv6_routing 12 | - role: ios_static_routing 13 | - role: ios_rip 14 | when: '"rip" in ipv4.routing' 15 | - role: ios_recursive_dns_server 16 | - role: ios_dhcp_server 17 | - role: ios_nat44 18 | - role: ios_write 19 | -------------------------------------------------------------------------------- /roles/ios_ipv4/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: enable IPv4 on interfaces 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - ipv4 12 | platforms: 13 | - name: VIOS-ADVENTERPRISEK9-M 14 | versions: 15 | - 15.6(2)T 16 | - name: vios_l2-ADVENTERPRISEK9-M 17 | versions: 18 | - 15.2(20170321:233949) 19 | dependencies: 20 | - role: ios_interface 21 | -------------------------------------------------------------------------------- /roles/ios_vlans/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure vlan database, access and trunk ports 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - vlan 12 | - access 13 | - trunk 14 | platforms: 15 | - name: vios_l2-ADVENTERPRISEK9-M 16 | versions: 17 | - 15.2(20170321:233949) 18 | dependencies: 19 | - role: ios_etherchannel 20 | - role: ios_interface 21 | -------------------------------------------------------------------------------- /roles/ios_common/meta/main.yml: 
-------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: fix administrative settings to devices 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - hostname 12 | - banners 13 | platforms: 14 | - name: VIOS-ADVENTERPRISEK9-M 15 | versions: 16 | - 15.6(2)T 17 | - name: vios_l2-ADVENTERPRISEK9-M 18 | versions: 19 | - 15.2(20170321:233949) 20 | dependencies: 21 | -------------------------------------------------------------------------------- /roles/ios_nat44/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: cisco iosv role 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | platforms: 12 | - name: VIOS-ADVENTERPRISEK9-M 13 | versions: 14 | - 15.6(2)T 15 | - name: vios_l2-ADVENTERPRISEK9-M 16 | versions: 17 | - 15.2(20170321:233949) 18 | dependencies: 19 | - role: ios_interface 20 | - role: ios_ipv4 21 | - role: ios_ipv4_routing 22 | -------------------------------------------------------------------------------- /docs/Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | ruby RUBY_VERSION 3 | 4 | gem "jekyll", "3.8.5" 5 | 6 | # to use GitHub Pages 7 | gem "github-pages", group: :jekyll_plugins 8 | 9 | # If you have any plugins, put them here! 
10 | group :jekyll_plugins do 11 | gem "jekyll-feed" 12 | gem "jekyll-sitemap" 13 | gem "jekyll-redirect-from" 14 | gem "jekyll-seo-tag" 15 | gem "jekyll-include-cache" 16 | gem "jekyll-archives" 17 | gem "jekyll-email-protect" 18 | gem "jekyll-extlinks" 19 | end 20 | 21 | gem "nokogiri", ">= 1.10.8" 22 | -------------------------------------------------------------------------------- /roles/ios_disable_dynamic_ipv4_routing/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: disable ipv4 routing protocols 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - rip 12 | - eigrp4 13 | - ospfv2 14 | platforms: 15 | - name: VIOS-ADVENTERPRISEK9-M 16 | versions: 17 | - 15.6(2)T 18 | - name: vios_l2-ADVENTERPRISEK9-M 19 | versions: 20 | - 15.2(20170321:233949) 21 | dependencies: 22 | -------------------------------------------------------------------------------- /roles/ios_ipv6/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: enable IPv6 on interfaces with a custom link-local address 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - ipv6 12 | platforms: 13 | - name: VIOS-ADVENTERPRISEK9-M 14 | versions: 15 | - 15.6(2)T 16 | - name: vios_l2-ADVENTERPRISEK9-M 17 | versions: 18 | - 15.2(20170321:233949) 19 | dependencies: 20 | - role: ios_interface 21 | -------------------------------------------------------------------------------- /playbooks/demos/cisco_ios_get_facts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # ansible-galaxy install ansible-network.cisco_ios 3 | - hosts: cisco 4 | gather_facts: True 5 | tasks: 6 | - name: collect facts from cisco ios devices 7 | import_role: 8 | name: 
goffinet.cisco_ios 9 | tasks_from: get_facts 10 | vars: 11 | subset: 12 | - system 13 | - interfaces 14 | - routing 15 | - cdp 16 | - lldp 17 | - name: print results 18 | debug: 19 | msg: "{{ cisco_ios }}" 20 | -------------------------------------------------------------------------------- /roles/ios_dhcp_server/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure dhcp server and dhcp pools 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - dhcp 12 | platforms: 13 | - name: VIOS-ADVENTERPRISEK9-M 14 | versions: 15 | - 15.6(2)T 16 | - name: vios_l2-ADVENTERPRISEK9-M 17 | versions: 18 | - 15.2(20170321:233949) 19 | dependencies: 20 | - role: ios_interface 21 | - role: ios_ipv4 22 | -------------------------------------------------------------------------------- /roles/ios_ipv6_routing/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: enable IPv6 routing 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - ipv6 12 | - routing 13 | platforms: 14 | - name: VIOS-ADVENTERPRISEK9-M 15 | versions: 16 | - 15.6(2)T 17 | - name: vios_l2-ADVENTERPRISEK9-M 18 | versions: 19 | - 15.2(20170321:233949) 20 | dependencies: 21 | - role: ios_interface 22 | - role: ios_ipv6 23 | -------------------------------------------------------------------------------- /inventories/custom/osseclab_minimal/hosts: -------------------------------------------------------------------------------- 1 | [openwrt] 2 | gateway 3 | 4 | [controllers] 5 | controller 6 | 7 | [servers] 8 | srv1 9 | srv2 10 | 11 | 12 | [end_hosts:children] 13 | servers 14 | 15 | [linux:children] 16 | end_hosts 17 | controllers 18 | 19 | [openwrt:vars] 20 | image_style=openwrt 21 | 
ansible_network_os="" 22 | ansible_connection=ssh 23 | 24 | [linux:vars] 25 | image_style=centos 26 | ansible_network_os="" 27 | ansible_connection=ssh 28 | 29 | [all:vars] 30 | ansible_user=root 31 | ansible_ssh_pass=testtest 32 | ansible_port=22 33 | -------------------------------------------------------------------------------- /roles/ios_ipv4_routing/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: enable IPv4 routing on devices 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - ipv4 12 | - routing 13 | platforms: 14 | - name: VIOS-ADVENTERPRISEK9-M 15 | versions: 16 | - 15.6(2)T 17 | - name: vios_l2-ADVENTERPRISEK9-M 18 | versions: 19 | - 15.2(20170321:233949) 20 | dependencies: 21 | - role: ios_interface 22 | - role: ios_ipv4 23 | -------------------------------------------------------------------------------- /roles/ios_spanningtree/tasks/configure-spanning-tree.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: define the version of stp 3 | ios_config: 4 | lines: spanning-tree mode {{ stp.mode }} 5 | when: stp.mode is defined 6 | - name: define the stp root primary 7 | ios_config: 8 | lines: "spanning-tree vlan {{ item }} root primary" 9 | loop: "{{ stp.primary }}" 10 | when: item is defined 11 | - name: define the stp root secondary 12 | ios_config: 13 | lines: "spanning-tree vlan {{ item }} root secondary" 14 | loop: "{{ stp.secondary }}" 15 | when: item is defined 16 | -------------------------------------------------------------------------------- /inventories/switchblock/hosts: -------------------------------------------------------------------------------- 1 | [all:vars] 2 | #method=modules # modules or templating not yet implemented 3 | 4 | [distribution] 5 | DS1 6 | DS2 7 | 8 | [access] 9 | AS1 10 | AS2 11 | 12 | 
[blocks:children] 13 | distribution 14 | access 15 | 16 | [switches:children] 17 | blocks 18 | 19 | [cisco:children] 20 | blocks 21 | 22 | [blocks:vars] 23 | mgmt_interface=GigabitEthernet3/3 24 | image_style=iosv_l2 25 | 26 | [cisco:vars] 27 | ansible_user=root 28 | ansible_ssh_pass=testtest 29 | ansible_port=22 30 | ansible_connection=network_cli 31 | ansible_network_os=ios 32 | -------------------------------------------------------------------------------- /playbooks/demos/gather_ios_facts_2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # https://docs.ansible.com/ansible/2.5/network/user_guide/network_best_practices_2.5.html 3 | - name: "Gather ansible_net_* facts" 4 | hosts: cisco 5 | gather_facts: no 6 | tasks: 7 | - name: Gather facts (ios) 8 | ios_facts: 9 | when: ansible_network_os == 'ios' 10 | register: output 11 | - name: Facts from a specific host 12 | debug: 13 | var: output 14 | - name: Display some facts 15 | debug: 16 | msg: "{{ ansible_net_hostname }}: {{ ansible_net_version }}" 17 | -------------------------------------------------------------------------------- /playbooks/lab_startup.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #lab_startup.yml 3 | - name: "Start an existing lab topology" 4 | hosts: localhost 5 | gather_facts: False 6 | tasks: 7 | - name: "Open the project" 8 | gns3_project: 9 | url: "{{ gns3_url }}" 10 | project_name: "{{ project_name }}" 11 | state: opened 12 | - name: "Start nodes in the project" 13 | gns3_project: 14 | url: "{{ gns3_url }}" 15 | project_name: "{{ project_name }}" 16 | state: opened 17 | nodes_state: started 18 | nodes_strategy: one_by_one 19 | -------------------------------------------------------------------------------- /roles/ios_fhrp/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure 
an FHRP such HSRP for IPv4 or IPv6 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - hsrp 12 | platforms: 13 | - name: VIOS-ADVENTERPRISEK9-M 14 | versions: 15 | - 15.6(2)T 16 | - name: vios_l2-ADVENTERPRISEK9-M 17 | versions: 18 | - 15.2(20170321:233949) 19 | dependencies: 20 | - role: ios_interface 21 | - role: ios_ipv4 22 | - role: ios_ipv4_routing 23 |
--------------------------------------------------------------------------------
/inventories/custom/osseclab/templates/default_config.j2:
--------------------------------------------------------------------------------
{#
  Dispatcher: includes the bootstrap template that matches the host's
  inventory group (or exact hostname) and its image_style. A host that
  satisfies none of the four conditions renders nothing.
-#}
{% if inventory_hostname in groups['clients'] and image_style == "centos" %}
{% include 'clients_config.j2' %}
{% endif %}
{% if inventory_hostname in groups['servers'] and image_style == "centos" %}
{% include 'servers_config.j2' %}
{% endif %}
{% if inventory_hostname == "gateway" and image_style == "openwrt" %}
{% include 'openwrt_config.j2' %}
{% endif %}
{% if inventory_hostname == "controller" and image_style == "centos" %}
{% include 'controller_config.j2' %}
{% endif %}
--------------------------------------------------------------------------------
/playbooks/templates/iosv_default_config.j2:
--------------------------------------------------------------------------------
{#
  Bootstrap configuration for an IOSv node: sets the hostname, brings up
  the management interface on DHCP when mgmt_interface is defined (as a
  routed port on iosv_l2 images), creates one local privilege-15 user and
  restricts VTY lines 0-4 to SSHv2 with local authentication, then saves.
-#}
configure terminal
hostname {{ inventory_hostname }}
{% if mgmt_interface is defined %}
interface {{ mgmt_interface }}
{% if image_style == "iosv_l2" %}
no switchport
{% endif %}
ip address dhcp
no cdp enable
no shutdown
{% endif %}
ip domain-name lan
{#
  NOTE(review): `password` keeps the credential readable in the saved
  configuration and in any backup of it; `username ... secret` stores a
  hash instead. Before switching, confirm that no stored default config
  defines the same user with `password`, since IOS rejects a user that
  has both.
-#}
username {{ gns3_lab_user }} privilege 15 password {{ gns3_lab_pass }}
{# Hostname and domain name are set above, before the RSA key is generated. -#}
crypto key generate rsa modulus 2048
ip ssh version 2
ip scp server enable
{#
  Only VTY lines 0-4 are limited to SSH with local login. If the image
  exposes further VTY lines they keep their defaults; verify on the
  target image.
-#}
line vty 0 4
login local
transport input ssh
end
write memory
-------------------------------------------------------------------------------- /roles/ios_ospfv3/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure OSPFv3 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - ipv6 12 | - routing 13 | - ospfv3 14 | platforms: 15 | - name: VIOS-ADVENTERPRISEK9-M 16 | versions: 17 | - 15.6(2)T 18 | - name: vios_l2-ADVENTERPRISEK9-M 19 | versions: 20 | - 15.2(20170321:233949) 21 | dependencies: 22 | - role: ios_interface 23 | - role: ios_ipv6 24 | - role: ios_ipv6_routing 25 | -------------------------------------------------------------------------------- /roles/ios_recursive_dns_server/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure recursive dns server 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - dns 12 | - rdnss 13 | platforms: 14 | - name: VIOS-ADVENTERPRISEK9-M 15 | versions: 16 | - 15.6(2)T 17 | - name: vios_l2-ADVENTERPRISEK9-M 18 | versions: 19 | - 15.2(20170321:233949) 20 | dependencies: 21 | - role: ios_interface 22 | - role: ios_ipv4 23 | - role: ios_ipv6 24 | -------------------------------------------------------------------------------- /inventories/custom/osseclab/hosts: -------------------------------------------------------------------------------- 1 | [openwrt] 2 | gateway 3 | 4 | [controllers] 5 | controller 6 | 7 | [clients] 8 | pc1 9 | pc2 10 | 11 | [servers] 12 | srv1 13 | srv2 14 | 15 | 16 | [end_hosts:children] 17 | clients 18 | servers 19 | 20 | [linux:children] 21 | end_hosts 22 | controllers 23 | 24 | [openwrt:vars] 25 | image_style=openwrt 26 | ansible_network_os="" 27 | ansible_connection=ssh 28 | 29 | [linux:vars] 30 | image_style=centos 31 | 
ansible_network_os="" 32 | ansible_connection=ssh 33 | 34 | [all:vars] 35 | ansible_user=root 36 | ansible_ssh_pass=testtest 37 | ansible_port=22 38 | -------------------------------------------------------------------------------- /roles/ios_eigrp6/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure EIGRP for IPv6 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - ipv6 12 | - routing 13 | - eigrp 14 | platforms: 15 | - name: VIOS-ADVENTERPRISEK9-M 16 | versions: 17 | - 15.6(2)T 18 | - name: vios_l2-ADVENTERPRISEK9-M 19 | versions: 20 | - 15.2(20170321:233949) 21 | dependencies: 22 | - role: ios_interface 23 | - role: ios_ipv6 24 | - role: ios_ipv6_routing 25 | -------------------------------------------------------------------------------- /roles/ios_static_routing/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: add ip routes 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | platforms: 12 | - name: VIOS-ADVENTERPRISEK9-M 13 | versions: 14 | - 15.6(2)T 15 | - name: vios_l2-ADVENTERPRISEK9-M 16 | versions: 17 | - 15.2(20170321:233949) 18 | dependencies: 19 | - role: ios_interface 20 | - role: ios_ipv4 21 | - role: ios_ipv4_routing 22 | - role: ios_ipv6 23 | - role: ios_ipv6_routing 24 | -------------------------------------------------------------------------------- /inventories/custom/startup_ios/hosts: -------------------------------------------------------------------------------- 1 | [all:vars] 2 | #method=modules # modules or templating 3 | 4 | [core] 5 | GATEWAY 6 | 7 | [stick] 8 | SW0 9 | 10 | [routers:children] 11 | core 12 | 13 | [switches:children] 14 | stick 15 | 16 | [cisco:children] 17 | core 18 | stick 19 | 20 | 
[stick:vars]
mgmt_interface=GigabitEthernet3/3
image_style=iosv_l2

[core:vars]
mgmt_interface=GigabitEthernet0/7
image_style=iosv_l3

# Lab defaults: every Cisco node is reached as root with a password kept in
# clear text in this inventory. Keep the nodes on an isolated lab network and
# supply the credential from an encrypted source (e.g. Ansible Vault) for
# anything else.
[cisco:vars]
ansible_user=root
ansible_ssh_pass=testtest
ansible_port=22
ansible_connection=network_cli
ansible_network_os=ios
--------------------------------------------------------------------------------
/inventories/router_on_a_stick/hosts:
--------------------------------------------------------------------------------
[all:vars]
#method=modules # modules or templating

# One router (R1) and two switches (SW0, SW1).
[core]
R1

[stick]
SW0
SW1

[routers:children]
core

[switches:children]
stick

[cisco:children]
core
stick

# Interface reserved for management access, per image type.
[core:vars]
mgmt_interface=GigabitEthernet0/7
image_style=iosv_l3

[stick:vars]
mgmt_interface=GigabitEthernet3/3
image_style=iosv_l2

# Lab defaults: root login with a clear-text password shared by all nodes.
# Suitable only for an isolated lab; override from an encrypted vars file
# otherwise.
[cisco:vars]
ansible_user=root
ansible_ssh_pass=testtest
ansible_port=22
ansible_connection=network_cli
ansible_network_os=ios
--------------------------------------------------------------------------------
/playbooks/ansible.cfg:
--------------------------------------------------------------------------------
[defaults]
inventory = ./inventories/ccna/hosts
roles_path = ~/.ansible/roles:./roles
library = ./library
# SSH host keys are not verified, so the controller cannot tell a genuine
# node from one impersonating it on the management network.
# NOTE(review): presumably set because lab nodes are rebuilt and present new
# keys; acceptable only on an isolated lab segment.
host_key_checking = False
retry_files_enabled = False
# Run output is written to ./ansible.log in the working directory. Task
# output can include device configuration, so treat the file as sensitive
# and confirm it is excluded from version control.
log_path = ./ansible.log
#forks = 20
strategy = linear
#gathering = explicit
# callback_whitelist is the older name of callbacks_enabled; it matches the
# min_ansible_version 2.9 declared by the roles.
callback_whitelist = profile_tasks
#display_ok_hosts = no
#display_skipped_hosts = no
#[callback_profile_tasks]
#task_output_limit = 100
#[persistent_connection]
#command_timeout=100
#connect_timeout=100
#connect_retry_timeout=100
#buffer_read_timeout = 2
#network_cli_retries = 5
--------------------------------------------------------------------------------
/roles/ios_rip/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure RIPv2 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - ipv4 12 | - routing 13 | - rip 14 | platforms: 15 | - name: VIOS-ADVENTERPRISEK9-M 16 | versions: 17 | - 15.6(2)T 18 | - name: vios_l2-ADVENTERPRISEK9-M 19 | versions: 20 | - 15.2(20170321:233949) 21 | dependencies: 22 | - role: ios_interface 23 | - role: ios_ipv4 24 | - role: ios_ipv4_routing 25 | # - role: ios_disable_dynamic_ipv4_routing 26 | -------------------------------------------------------------------------------- /roles/ios_ospfv2/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure OSPFv2 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - ipv4 12 | - routing 13 | - ospfv2 14 | platforms: 15 | - name: VIOS-ADVENTERPRISEK9-M 16 | versions: 17 | - 15.6(2)T 18 | - name: vios_l2-ADVENTERPRISEK9-M 19 | versions: 20 | - 15.2(20170321:233949) 21 | dependencies: 22 | - role: ios_interface 23 | - role: ios_ipv4 24 | - role: ios_ipv4_routing 25 | # - role: ios_disable_dynamic_ipv4_routing 26 | -------------------------------------------------------------------------------- /roles/ios_eigrp4/meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: goffinet 4 | description: configure EIGRP for IPv4 5 | license: CC-BY-4.0 6 | min_ansible_version: 2.9 7 | galaxy_tags: 8 | - cisco 9 | - iosv 10 | - ccna 11 | - ipv4 12 | - routing 13 | - eigrp 14 | platforms: 15 | - name: VIOS-ADVENTERPRISEK9-M 16 | versions: 17 | - 15.6(2)T 18 | - name: vios_l2-ADVENTERPRISEK9-M 19 | versions: 20 | - 15.2(20170321:233949) 21 | dependencies: 
22 | - role: ios_interface 23 | - role: ios_ipv4 24 | - role: ios_ipv4_routing 25 | # - role: ios_disable_dynamic_ipv4_routing 26 |
--------------------------------------------------------------------------------
/playbooks/ccnp/01_01_02_implement_inter_vlan_routing.yml:
--------------------------------------------------------------------------------
---
# ccnp_01_01_02_implement_inter_vlan_routing.yml
# Two plays; within each play the roles run in the order listed and
# ios_write comes last.

# Play 1: hosts in l3_devices get interfaces, VLANs, addressing, IPv4/IPv6
# routing and static routes.
- hosts: l3_devices
  gather_facts: False
  roles:
    - role: ios_interface
    - role: ios_vlans
    - role: ios_ipv4
    - role: ios_ipv6
    - role: ios_ipv4_routing
    - role: ios_ipv6_routing
    - role: ios_static_routing
    - role: ios_write

# Play 2: hosts in l2_devices start with ios_no_ipv4_routing, then get
# VLANs, interfaces and addressing.
- hosts: l2_devices
  gather_facts: False
  roles:
    - role: ios_no_ipv4_routing
    - role: ios_vlans
    - role: ios_interface
    - role: ios_ipv4
    - role: ios_ipv6
    - role: ios_write
--------------------------------------------------------------------------------
/inventories/custom/osseclab/templates/servers_config.j2:
--------------------------------------------------------------------------------
{#
  Bootstrap commands for a server node: regenerate the machine-id, set the
  hostname, allow root login over SSH, assign static IPv4 settings to each
  interface listed in `interfaces`, and empty /etc/motd.
-#}
rm -f /etc/machine-id
systemd-machine-id-setup
{#
  NOTE(review): {{ hostname }} is expanded unquoted into shell commands.
  The value comes from inventory; quote it if a hostname could ever contain
  whitespace or shell metacharacters.
-#}
hostnamectl set-hostname {{ hostname }}
echo {{ hostname }} > /etc/hostname
{#
  Turns on root login over SSH. The osseclab inventories log in as root with
  one shared clear-text password, so this is suitable only for an isolated
  lab. The pattern matches only a line beginning with `#PermitRootLogin`; an
  already-uncommented directive is left untouched. This template does not
  reload sshd, so the change applies once the daemon restarts or the node
  reboots.
-#}
sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config
{% for interface in interfaces %}
nmcli c mod "{{ interface['id'] }}" ipv4.method manual ipv4.addresses {{ interface['ipv4_address'] }}
nmcli c mod "{{ interface['id'] }}" ipv4.gateway {{ interface['ipv4_gateway'] }}
nmcli c mod "{{ interface['id'] }}" ipv4.dns {{ interface['ipv4_dns'] }}
nmcli c up "{{ interface['id'] }}"
{% endfor %}
echo "" > /etc/motd
--------------------------------------------------------------------------------
/inventories/custom/osseclab_minimal/templates/servers_config.j2:
--------------------------------------------------------------------------------
1 | rm -f /etc/machine-id 2 |
systemd-machine-id-setup 3 | hostnamectl set-hostname {{ hostname }} 4 | echo {{ hostname }} > /etc/hostname 5 | sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config 6 | {% for interface in interfaces %} 7 | nmcli c mod "{{ interface['id'] }}" ipv4.method manual ipv4.addresses {{ interface['ipv4_address'] }} 8 | nmcli c mod "{{ interface['id'] }}" ipv4.gateway {{ interface['ipv4_gateway'] }} 9 | nmcli c mod "{{ interface['id'] }}" ipv4.dns {{ interface['ipv4_dns'] }} 10 | nmcli c up "{{ interface['id'] }}" 11 | {% endfor %} 12 | echo "" > /etc/motd 13 | -------------------------------------------------------------------------------- /yamllint.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on ansible-lint config 3 | extends: default 4 | 5 | rules: 6 | braces: {max-spaces-inside: 1, level: error} 7 | brackets: {max-spaces-inside: 1, level: error} 8 | colons: {max-spaces-after: -1, level: error} 9 | commas: {max-spaces-after: -1, level: error} 10 | comments: disable 11 | comments-indentation: disable 12 | document-start: disable 13 | empty-lines: {max: 3, level: error} 14 | hyphens: {level: error} 15 | indentation: disable 16 | key-duplicates: enable 17 | line-length: disable 18 | new-line-at-end-of-file: disable 19 | new-lines: {type: unix} 20 | trailing-spaces: disable 21 | truthy: disable 22 | -------------------------------------------------------------------------------- /inventories/ccnp/01_01_02_inter_vlan_routing/templates/end_hosts_config.j2: -------------------------------------------------------------------------------- 1 | rm -f /etc/machine-id 2 | systemd-machine-id-setup 3 | hostnamectl set-hostname {{ hostname }} 4 | echo {{ hostname }} > /etc/hostname 5 | {% for interface in interfaces %} 6 | nmcli c mod "{{ interface['id'] }}" ipv4.method manual ipv4.addresses {{ interface['ipv4_address'] }} 7 | nmcli c mod "{{ interface['id'] }}" ipv4.gateway {{ 
interface['ipv4_gateway'] }} 8 | nmcli c mod "{{ interface['id'] }}" ipv6.method manual ipv6.addresses {{ interface['ipv6_address'] }} 9 | nmcli c mod "{{ interface['id'] }}" ipv6.gateway {{ interface['ipv6_gateway'] }} 10 | nmcli c up "{{ interface['id'] }}" 11 | {% endfor %} 12 | -------------------------------------------------------------------------------- /roles/ios_write/tasks/get_config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: write memory and backup the config 3 | ios_config: 4 | backup: yes 5 | backup_options: 6 | dir_path: "{{ configs_path | default('./configs/') }}" 7 | filename: "{{ inventory_hostname }}.cfg" 8 | - name: remove non config line 9 | lineinfile: 10 | path: "{{ configs_path | default('./configs/') }}{{ inventory_hostname }}.cfg" 11 | line: "Building configuration..." 12 | state: absent 13 | - name: remove non config line -regex 14 | lineinfile: 15 | path: "{{ configs_path | default('./configs/') }}{{ inventory_hostname }}.cfg" 16 | regexp: 'Current configuration.*' 17 | state: absent 18 | -------------------------------------------------------------------------------- /roles/ios_role/.travis.yml: -------------------------------------------------------------------------------- 1 | --- 2 | language: python 3 | python: "2.7" 4 | 5 | # Use the new container infrastructure 6 | sudo: false 7 | 8 | # Install ansible 9 | addons: 10 | apt: 11 | packages: 12 | - python-pip 13 | 14 | install: 15 | # Install ansible 16 | - pip install ansible 17 | 18 | # Check ansible version 19 | - ansible --version 20 | 21 | # Create ansible.cfg with correct roles_path 22 | - printf '[defaults]\nroles_path=../' >ansible.cfg 23 | 24 | script: 25 | # Basic role syntax check 26 | - ansible-playbook tests/test.yml -i tests/inventory --syntax-check 27 | 28 | notifications: 29 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 
-------------------------------------------------------------------------------- /roles/ios_interface/tasks/enable_interfaces.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: disable switchport on switch interface 3 | ios_config: 4 | defaults: yes 5 | parents: interface {{ item.id }} 6 | lines: 7 | - no switchport 8 | loop: "{{ interfaces }}" 9 | when: 10 | - item.noswitchport is defined 11 | - item.id is defined 12 | tags: 13 | - interface 14 | - name: enable interface 15 | ios_interfaces: 16 | config: 17 | - name: "{{ item.id }}" 18 | enabled: True 19 | description: "{{ item.description }}" 20 | loop: "{{ interfaces }}" 21 | when: 22 | - item.stub is not defined 23 | - item.id is defined 24 | tags: 25 | - interface 26 | -------------------------------------------------------------------------------- /playbooks/router_on_a_stick.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # router_on_a_stick.yml 3 | - hosts: stick 4 | gather_facts: False 5 | roles: 6 | - role: ios_common 7 | - role: ios_vlans 8 | - role: ios_interface 9 | - role: ios_ipv4 10 | - role: ios_ipv6 11 | - role: ios_no_ipv4_routing 12 | - role: ios_write 13 | - hosts: core 14 | gather_facts: False 15 | roles: 16 | - role: ios_common 17 | - role: ios_interface 18 | - role: ios_vlans 19 | - role: ios_ipv4 20 | - role: ios_ipv6 21 | - role: ios_ipv4_routing 22 | - role: ios_ipv6_routing 23 | - role: ios_nat44 24 | - role: ios_recursive_dns_server 25 | - role: ios_dhcp_server 26 | - role: ios_write 27 | -------------------------------------------------------------------------------- /inventories/networking_workshop/host_vars/rtr3: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: rtr3 3 | interfaces: 4 | - id: GigabitEthernet0/1 5 | description: "rtr3 lan" 6 | ipv4_address: 10.100.103.3/24 7 | passive: 8 | ospfv2: 9 | area: 0 10 | cost: 1 11 | 
pri: 255 12 | - id: GigabitEthernet0/2 13 | description: "Link to rtr1" 14 | ipv4_address: 10.100.100.3/24 15 | ospfv2: 16 | area: 0 17 | cost: 1 18 | pri: 255 19 | routing: 20 | rid: 3.3.3.3 21 | dhcp: 22 | dhcp_pool: 23 | - id: "LANR1" 24 | network: 10.100.103.0 25 | netmask: 255.255.255.0 26 | router: 10.100.103.3 27 | dhcp_excluded: 28 | - start: 10.100.103.1 29 | end: 10.100.103.100 30 | -------------------------------------------------------------------------------- /inventories/networking_workshop/host_vars/rtr4: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: rtr4 3 | interfaces: 4 | - id: GigabitEthernet0/1 5 | description: "rtr4 lan" 6 | ipv4_address: 10.100.104.4/24 7 | passive: 8 | ospfv2: 9 | area: 0 10 | cost: 1 11 | pri: 255 12 | - id: GigabitEthernet0/2 13 | description: "Link to rtr2" 14 | ipv4_address: 10.100.101.4/24 15 | ospfv2: 16 | area: 0 17 | cost: 1 18 | pri: 255 19 | routing: 20 | rid: 4.4.4.4 21 | dhcp: 22 | dhcp_pool: 23 | - id: "LANR1" 24 | network: 10.100.104.0 25 | netmask: 255.255.255.0 26 | router: 10.100.104.4 27 | dhcp_excluded: 28 | - start: 10.100.104.1 29 | end: 10.100.104.100 30 | -------------------------------------------------------------------------------- /roles/ios_vlans/tasks/configure_access_ports.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: configure access ports 3 | ios_config: 4 | defaults: yes 5 | parents: interface {{ item.id }} 6 | lines: 7 | - switchport mode access 8 | - switchport access vlan {{ item.access.vlan | default('1') }} 9 | loop: "{{ interfaces | selectattr('access', 'defined') | list }}" 10 | when: 11 | - item.access is defined 12 | - name: stp protection on access ports 13 | ios_config: 14 | defaults: yes 15 | parents: interface {{ item.id }} 16 | lines: 17 | - spanning-tree portfast edge 18 | - spanning-tree bpduguard enable 19 | loop: "{{ interfaces | selectattr('access', 'defined') 
| list }}" 20 | when: 21 | - item.access is defined 22 |
--------------------------------------------------------------------------------
/inventories/custom/osseclab/templates/controller_config.j2:
--------------------------------------------------------------------------------
{#
  Bootstrap commands for the controller node: regenerate the machine-id, set
  the hostname to "controller", allow root login over SSH, leave setup
  instructions in readme.txt and assign static IPv4 settings to each
  interface listed in `interfaces`.
-#}
rm -f /etc/machine-id
systemd-machine-id-setup
hostnamectl set-hostname controller
echo controller > /etc/hostname
echo "" > /etc/motd
{#
  Turns on root login over SSH; suitable only for an isolated lab. Only a
  line beginning with `#PermitRootLogin` is rewritten, and sshd is not
  reloaded by this template.
-#}
sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config
{#
  The two echo lines only write commands into readme.txt; this template
  neither downloads nor runs anything.
  NOTE(review): the URL follows the master branch, so the script an operator
  later runs (presumably as root) is whatever that branch holds at download
  time, and `curl -s` without `-f` saves an HTTP error page as setup.sh.
  Pinning the URL to a tag or commit and checking a published checksum
  before `bash setup.sh` would make the bootstrap reproducible.
-#}
echo "curl -s https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/almalinux9-controller.sh -o setup.sh" > readme.txt
echo "bash setup.sh ; reboot" >> readme.txt
{% for interface in interfaces %}
nmcli c mod "{{ interface['id'] }}" ipv4.method manual ipv4.addresses {{ interface['ipv4_address'] }}
nmcli c mod "{{ interface['id'] }}" ipv4.dns {{ interface['ipv4_dns'] }}
nmcli c up "{{ interface['id'] }}"
{% endfor %}
#disown %1
--------------------------------------------------------------------------------
/inventories/custom/osseclab_minimal/templates/controller_config.j2:
--------------------------------------------------------------------------------
{#
  Controller bootstrap for the osseclab_minimal lab: regenerate the
  machine-id, set the hostname, allow root login over SSH, write setup
  instructions to readme.txt and configure static IPv4 on each interface.
-#}
rm -f /etc/machine-id
systemd-machine-id-setup
hostnamectl set-hostname controller
echo controller > /etc/hostname
echo "" > /etc/motd
{#
  Root SSH login is enabled here; lab use only. The sed pattern touches only
  a commented-out `#PermitRootLogin` line and sshd is not reloaded.
-#}
sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config
{#
  readme.txt receives the commands as text only. NOTE(review): the download
  URL tracks the master branch and carries no integrity check; pin it to a
  tag or commit and verify a checksum before running setup.sh.
-#}
echo "curl -s https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/almalinux9-controller.sh -o setup.sh" > readme.txt
echo "bash setup.sh ; reboot" >> readme.txt
{% for interface in interfaces %}
nmcli c mod "{{ interface['id'] }}" ipv4.method manual ipv4.addresses {{ interface['ipv4_address'] }}
nmcli c mod "{{ interface['id'] }}" ipv4.dns {{ interface['ipv4_dns'] }}
nmcli c up "{{ interface['id'] }}"
{% endfor %}
#disown %1
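--------------------------------------------------------------------------------
/tests/create_all_labs.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Provision every lab topology in turn by running lab_setup.yml with the
# "provision" tag against each inventory.
#
# Paths are relative: run from the directory that holds lab_setup.yml and
# inventories/. There is no `set -e`, so a lab that fails to provision does
# not stop the remaining ones.

# Run the provisioning playbook against one inventory file ($1).
# A function replaces the original command-in-a-string, which relied on
# unquoted word splitting to rebuild the command line.
provision() {
  ansible-playbook lab_setup.yml -t provision -i "$1"
}

provision inventories/bipod/hosts
provision inventories/ccna/hosts
provision inventories/ccnp/01_01_02_inter_vlan_routing/hosts
provision inventories/custom/ccna_remote/hosts
provision inventories/custom/etherchannel/hosts
provision inventories/custom/ospf_multiarea/hosts
provision inventories/custom/ospf_neighbors/hosts
#provision inventories/custom/osseclab/hosts
provision inventories/custom/startup_ios/hosts
provision inventories/custom/startup_linux/hosts
provision inventories/custom/tripod_l2/hosts
provision inventories/gateway/hosts
provision inventories/networking_workshop/hosts
provision inventories/router_on_a_stick/hosts
provision inventories/switchblock/hosts
provision inventories/tripod/hosts
--------------------------------------------------------------------------------
/roles/ios_common/defaults/main.yml:
--------------------------------------------------------------------------------
---
# Defaults for the ios_common role; override per host or group.
hostname: "{{ inventory_hostname }}"
# The domain name defaults to the first inventory group the host belongs to.
domain_name: "{{ group_names|first }}"
# Placeholder banner texts, one per banner type.
# NOTE(review): presumably applied by tasks/configure_banners.yml. On IOS the
# login banner is shown before authentication, which makes it the usual place
# for an authorised-use notice; replace these placeholders outside the lab.
banners:
  enabled: true
  # Fixed: the default text labelled this banner "motd" (copy/paste slip).
  login: |
    Default Multi-line login banner
    for {{ inventory_hostname }} device in the CCNA Lab
  # Fixed: the first line repeated "for {{ inventory_hostname }}".
  motd: |
    Default Multi-line motd banner
    for {{ inventory_hostname }} device in the CCNA Lab
  exec: |
    Default Multi-line exec banner
    for {{ inventory_hostname }} device in the CCNA Lab
  incoming: |
    Default Multi-line incoming banner
    for {{ inventory_hostname }} device in the CCNA Lab
  slip_ppp: |
    Default Multi-line slip-ppp banner
    for {{ inventory_hostname }} device in the CCNA Lab
--------------------------------------------------------------------------------
/docs/index.html: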
-------------------------------------------------------------------------------- 1 | --- 2 | layout: home 3 | author_profile: true 4 | title: Projet Ansible CCNA Lab 5 | permalink: / 6 | description: "On trouvera ici des livres de jeu Ansible inspirés des topologies et des sujets du Cisco CCNA (et plus) pour GNS3 (Cisco IOSv). Le projet permet de créer des topologies avec GNS3, de les approvisionner et, ensuite, de les gérer avec Ansible avec pour seul objet du code reproductible et manipulable à l'envi." 7 | sidebar: 8 | nav: "menu" 9 | date: 2020-05-24 10 | sort_order: reverse 11 | --- 12 | 13 | On trouvera ici des livres de jeu Ansible inspirés des topologies et des sujets du Cisco CCNA (et plus) pour GNS3 (Cisco IOSv). Le projet permet de créer des topologies avec GNS3, de les approvisionner et, ensuite, de les gérer avec Ansible avec pour seul objet du code reproductible et manipulable à l'envi. 14 | -------------------------------------------------------------------------------- /inventories/gateway/host_vars/R1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R1 3 | domain_name: lan 4 | interfaces: 5 | - id: GigabitEthernet0/0 6 | description: "LAN R1" 7 | ipv4_address: 192.168.1.1/24 8 | ipv6_addresses: 9 | - 'FE80::1' 10 | - 'FD00:FD00:FD00:1::1/64' 11 | - id: GigabitEthernet0/1 12 | description: "Internet connexion ip nat outside" 13 | ipv4_address: dhcp 14 | dhcp: 15 | dhcp_pool: 16 | - id: "LANR1" 17 | network: 192.168.1.0 18 | netmask: 255.255.255.0 19 | router: 192.168.1.1 20 | dns: 192.168.1.1 21 | dhcp_excluded: 22 | - start: 192.168.1.1 23 | end: 192.168.1.100 24 | nat: 25 | name: "LANS" 26 | inside: 27 | - GigabitEthernet0/0 28 | outside: GigabitEthernet0/1 29 | sources: 30 | - "192.168.1.0 0.0.0.255" 31 | rdnss: 32 | name_server: 1.1.1.1 33 | -------------------------------------------------------------------------------- /inventories/router_on_a_stick/group_vars/switches: 
-------------------------------------------------------------------------------- 1 | --- 2 | stp: 3 | mode: rapid-pvst 4 | vlans: 5 | - id: 10 6 | name: DATA 7 | - id: 20 8 | name: VOICE 9 | - id: 99 10 | name: MANAGEMENT 11 | - id: 100 12 | name: NATIVE 13 | stubvlan: 14 | id: 4000 15 | name: STUB 16 | #switchports: 17 | # - id: GigabitEthernet0/0 18 | # - id: GigabitEthernet0/1 19 | # - id: GigabitEthernet0/2 20 | # - id: GigabitEthernet0/3 21 | # - id: GigabitEthernet1/0 22 | # - id: GigabitEthernet1/1 23 | # - id: GigabitEthernet1/2 24 | # - id: GigabitEthernet1/3 25 | # - id: GigabitEthernet2/0 26 | # - id: GigabitEthernet2/1 27 | # - id: GigabitEthernet2/2 28 | # - id: GigabitEthernet2/3 29 | # - id: GigabitEthernet3/0 30 | # - id: GigabitEthernet3/1 31 | # - id: GigabitEthernet3/2 32 | ## - id: GigabitEthernet3/3 # reserved for ansible console management 33 | -------------------------------------------------------------------------------- /roles/ios_dhcp_server/tasks/enable_dhcp_server.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: enable ipv4 dhcp server 3 | ios_config: 4 | defaults: yes 5 | parents: ip dhcp pool {{ item.id }} 6 | lines: 7 | - network {{ item.network }} {{ item.netmask }} 8 | - default-router {{ item.router }} 9 | loop: "{{ dhcp.dhcp_pool }}" 10 | when: dhcp.dhcp_pool is defined 11 | - name: define dns option in ipv4 dhcp pool 12 | ios_config: 13 | defaults: yes 14 | parents: ip dhcp pool {{ item.id }} 15 | lines: 16 | - dns-server {{ item.dns }} 17 | loop: "{{ dhcp.dhcp_pool }}" 18 | when: 19 | - item.dns is defined 20 | - name: exclude range from pool 21 | ios_config: 22 | defaults: yes 23 | lines: 24 | - ip dhcp excluded-address {{ item.start }} {{ item.end }} 25 | loop: "{{ dhcp.dhcp_excluded }}" 26 | when: dhcp.dhcp_excluded is defined 27 | -------------------------------------------------------------------------------- /inventories/ccna/hosts: 
-------------------------------------------------------------------------------- 1 | [all:vars] 2 | #method=modules # modules or templating not yet implemented 3 | 4 | [core] 5 | R1 6 | R2 7 | R3 8 | 9 | [distribution] 10 | DS1 11 | DS2 12 | 13 | [access] 14 | AS1 15 | AS2 16 | 17 | [stick] 18 | SW0 19 | SW1 20 | 21 | [blocks:children] 22 | distribution 23 | access 24 | 25 | [routers:children] 26 | core 27 | 28 | [switches:children] 29 | blocks 30 | stick 31 | 32 | [cisco:children] 33 | core 34 | blocks 35 | stick 36 | 37 | [core:vars] 38 | mgmt_interface=GigabitEthernet0/7 39 | image_style=iosv_l3 40 | 41 | [blocks:vars] 42 | mgmt_interface=GigabitEthernet3/3 43 | image_style=iosv_l2 44 | 45 | [stick:vars] 46 | mgmt_interface=GigabitEthernet3/3 47 | image_style=iosv_l2 48 | 49 | [cisco:vars] 50 | ansible_user=root 51 | ansible_ssh_pass=testtest 52 | ansible_port=22 53 | ansible_connection=network_cli 54 | ansible_network_os=ios 55 | -------------------------------------------------------------------------------- /playbooks/tripod.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # tripod.yml 3 | - hosts: core 4 | gather_facts: False 5 | roles: 6 | - role: ios_common 7 | - role: ios_interface 8 | - role: ios_ipv4 9 | - role: ios_ipv6 10 | - role: ios_ipv4_routing 11 | - role: ios_ipv6_routing 12 | - role: ios_fhrp 13 | - role: ios_rip 14 | when: '"rip" in ipv4.routing' 15 | - role: ios_eigrp4 16 | when: '"eigrp" in ipv4.routing' 17 | - role: ios_ospfv2 18 | when: '"ospf" in ipv4.routing' 19 | - role: ios_eigrp6 20 | when: 21 | - '"eigrp" in ipv6.routing' 22 | - role: ios_ospfv3 23 | when: 24 | - '"ospf" in ipv6.routing' 25 | - role: ios_recursive_dns_server 26 | - role: ios_dhcp_server 27 | - role: ios_write 28 | - hosts: R1 29 | gather_facts: False 30 | roles: 31 | - role: ios_nat44 32 | - role: ios_write 33 | -------------------------------------------------------------------------------- 
/docs/_posts/0001-03-01-mise-en-place-du-lab-sur-gns3.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: single 3 | title: "La mise en place du lab sur GNS3" 4 | permalink: /mise-en-place-du-lab-sur-gns3/ 5 | excerpt: " " 6 | toc: false 7 | tags: 8 | - tutoriel 9 | sidebar: 10 | nav: "menu" 11 | date: 2020-05-24 12 | --- 13 | 14 | La mise en place du lab se réalise sur le serveur GNS3 ou sur une station qui dispose d'un accès au serveur.[^1] Il correspond à quelques étapes : 15 | 16 | - Créer un projet GNS3 avec des périphériques interconnectés. 17 | - Placer une station de contrôle avec Ansible et y connecter les périphériques à gérer. 18 | - Préparer les images des noeuds Cisco pour une gestion avec Ansible à partir de la station de contrôle. 19 | 20 | [^1]: Pour installer GNS3 avec Ansible, on fera référence à un autre projet : ~~[ansible-install-gns3-server](https://github.com/goffinet/ansible-install-gns3-server)~~. 21 | -------------------------------------------------------------------------------- /inventories/networking_workshop/host_vars/rtr1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: rtr1 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "Link to rtr2" 6 | ipv4_address: 10.200.200.1/24 7 | ospfv2: 8 | area: 0 9 | cost: 1 10 | pri: 255 11 | - id: GigabitEthernet0/1 12 | description: "rtr1 lan" 13 | ipv4_address: 10.200.201.1/24 14 | passive: 15 | ospfv2: 16 | area: 0 17 | cost: 1 18 | pri: 255 19 | - id: GigabitEthernet0/2 20 | description: "Link to rtr3" 21 | ipv4_address: 10.100.100.1/24 22 | ospfv2: 23 | area: 0 24 | cost: 1 25 | pri: 255 26 | routing: 27 | rid: 1.1.1.1 28 | dhcp: 29 | dhcp_pool: 30 | - id: "LANR1" 31 | network: 10.200.201.0 32 | netmask: 255.255.255.0 33 | router: 10.200.201.1 34 | dhcp_excluded: 35 | - start: 10.200.201.1 36 | end: 10.200.201.100 37 | 
-------------------------------------------------------------------------------- /inventories/networking_workshop/host_vars/rtr2: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: rtr2 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "Link to rtr1" 6 | ipv4_address: 10.200.200.2/24 7 | ospfv2: 8 | area: 0 9 | cost: 1 10 | pri: 255 11 | - id: GigabitEthernet0/1 12 | description: "rtr2 lan" 13 | ipv4_address: 10.200.202.2/24 14 | passive: 15 | ospfv2: 16 | area: 0 17 | cost: 1 18 | pri: 255 19 | - id: GigabitEthernet0/2 20 | description: "Link to rtr4" 21 | ipv4_address: 10.100.101.2/24 22 | ospfv2: 23 | area: 0 24 | cost: 1 25 | pri: 255 26 | routing: 27 | rid: 2.2.2.2 28 | dhcp: 29 | dhcp_pool: 30 | - id: "LANR1" 31 | network: 10.200.202.0 32 | netmask: 255.255.255.0 33 | router: 10.200.202.2 34 | dhcp_excluded: 35 | - start: 10.200.202.1 36 | end: 10.200.202.100 37 | -------------------------------------------------------------------------------- /inventories/ccna/group_vars/blocks: -------------------------------------------------------------------------------- 1 | --- 2 | stp: 3 | mode: rapid-pvst 4 | vlans: 5 | - id: 10 6 | name: VLAN10 7 | - id: 20 8 | name: VLAN20 9 | - id: 30 10 | name: VLAN30 11 | - id: 40 12 | name: VLAN40 13 | - id: 99 14 | name: MANAGEMENT 15 | stubvlan: 16 | id: 4000 17 | name: STUB 18 | routing: 19 | eigrp_as: 1 20 | #switchports: 21 | # - id: GigabitEthernet0/0 22 | # - id: GigabitEthernet0/1 23 | # - id: GigabitEthernet0/2 24 | # - id: GigabitEthernet0/3 25 | # - id: GigabitEthernet1/0 26 | # - id: GigabitEthernet1/1 27 | # - id: GigabitEthernet1/2 28 | # - id: GigabitEthernet1/3 29 | # - id: GigabitEthernet2/0 30 | # - id: GigabitEthernet2/1 31 | # - id: GigabitEthernet2/2 32 | # - id: GigabitEthernet2/3 33 | # - id: GigabitEthernet3/0 34 | # - id: GigabitEthernet3/1 35 | # - id: GigabitEthernet3/2 36 | # - id: GigabitEthernet3/3 # reserved for ansible console 
management 37 | -------------------------------------------------------------------------------- /inventories/bipod/host_vars/R2: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R2 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "LAN R2" 6 | ipv4_address: 192.168.2.1/24 7 | ipv6_addresses: 8 | - 'FE80::2' 9 | - '2001:db8:1ab:2::1/64' 10 | passive: 11 | rip: 12 | - id: GigabitEthernet0/1 13 | description: "Link to R1" 14 | ipv4_address: 192.168.3.2/24 15 | ipv6_addresses: 16 | - 'FE80::2' 17 | static: 18 | - destination: 192.168.1.0/24 19 | next_hop: 192.168.3.1 20 | ad: 200 21 | state: present 22 | - destination: '2001:db8:1ab:1::/64' 23 | next_hop: 'FE80::1' 24 | ad: 200 25 | state: present 26 | rip: 27 | routing: 28 | rid: 2.2.2.2 29 | eigrp_as: 1 30 | dhcp: 31 | dhcp_pool: 32 | - id: "LANR2" 33 | network: 192.168.2.0 34 | netmask: 255.255.255.0 35 | router: 192.168.2.1 36 | dns: 192.168.2.1 37 | -------------------------------------------------------------------------------- /inventories/switchblock/group_vars/blocks: -------------------------------------------------------------------------------- 1 | --- 2 | stp: 3 | mode: rapid-pvst 4 | vlans: 5 | - id: 10 6 | name: VLAN10 7 | - id: 20 8 | name: VLAN20 9 | - id: 30 10 | name: VLAN30 11 | - id: 40 12 | name: VLAN40 13 | - id: 99 14 | name: MANAGEMENT 15 | stubvlan: 16 | id: 4000 17 | name: STUB 18 | routing: 19 | eigrp_as: 1 20 | #switchports: 21 | # - id: GigabitEthernet0/0 22 | # - id: GigabitEthernet0/1 23 | # - id: GigabitEthernet0/2 24 | # - id: GigabitEthernet0/3 25 | # - id: GigabitEthernet1/0 26 | # - id: GigabitEthernet1/1 27 | # - id: GigabitEthernet1/2 28 | # - id: GigabitEthernet1/3 29 | # - id: GigabitEthernet2/0 30 | # - id: GigabitEthernet2/1 31 | # - id: GigabitEthernet2/2 32 | # - id: GigabitEthernet2/3 33 | # - id: GigabitEthernet3/0 34 | # - id: GigabitEthernet3/1 35 | # - id: GigabitEthernet3/2 36 | # - id: 
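GigabitEthernet3/3 # reserved for ansible console management 37 |
--------------------------------------------------------------------------------
/inventories/custom/biglan/templates/controller_config.j2:
--------------------------------------------------------------------------------
{# Shell commands rendered for a controller node (per the template name): reset the
   machine-id, set the hostname, configure each NetworkManager connection listed in
   `interfaces`, then download and enable the setup.service unit. #}
rm -f /etc/machine-id
systemd-machine-id-setup
hostnamectl set-hostname "{{ hostname }}"
echo "{{ hostname }}" > /etc/hostname
{% for interface in interfaces %}
nmcli c mod "{{ interface['id'] }}" ipv4.method manual ipv4.addresses {{ interface['ipv4_address'] }}
nmcli c mod "{{ interface['id'] }}" ipv4.dns {{ interface['ipv4_dns'] }}
nmcli c up "{{ interface['id'] }}"
{% endfor %}
echo "" > /etc/motd
{# Supply-chain note: both downloads track the mutable `master` branch and are then
   run by systemd (presumably as root; setup.service is not shown here) with no
   integrity check. Prefer a reviewed commit id in the URL (placeholder: <COMMIT_SHA>)
   and compare a known SHA-256 before enabling the unit. The smalllan copy of this
   template performs the same downloads.
   -f makes curl fail on an HTTP error instead of saving the error page as the
   script or unit file; -S keeps the error message visible despite -s. #}
curl -fsS https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/setup-controller.sh -o setup.sh
chmod +x setup.sh
curl -fsS https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/setup.service -o /etc/systemd/system/setup.service
systemctl daemon-reload
systemctl enable setup.service
ln -s /etc/systemd/system/setup.service /etc/systemd/system/multi-user.target.wants/setup.service
systemctl start setup.service
-------------------------------------------------------------------------------- /inventories/custom/smalllan/templates/controller_config.j2: -------------------------------------------------------------------------------- 1 | rm -f /etc/machine-id 2 | systemd-machine-id-setup 3 | hostnamectl set-hostname {{ hostname }} 4 | echo {{ hostname }} > /etc/hostname 5 | {% for interface in interfaces %} 6 | nmcli c mod "{{ interface['id'] }}" ipv4.method manual ipv4.addresses {{ interface['ipv4_address'] }} 7 | nmcli c mod "{{ interface['id'] }}" ipv4.dns {{ interface['ipv4_dns'] }} 8 | nmcli c up "{{ interface['id'] }}" 9 | {% endfor %} 10 | echo "" > /etc/motd 11 | curl -s https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/setup-controller.sh -o setup.sh 12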
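| chmod +x setup.sh 13 | curl -s https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/setup.service -o /etc/systemd/system/setup.service 14 | systemctl daemon-reload 15 | systemctl enable setup.service 16 | ln -s /etc/systemd/system/setup.service /etc/systemd/system/multi-user.target.wants/setup.service 17 | systemctl start setup.service 18 | -------------------------------------------------------------------------------- /inventories/custom/tripod_l2/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "{{ inventory_dir }}/templates/iosv_default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "tripod_l2_lab" 7 | gns3_nodes_spec: 8 | - name: "SW1" 9 | template: "Cisco IOSvL2 15.2.1" 10 | x: -100 11 | y: -100 12 | - name: "SW2" 13 | template: "Cisco IOSvL2 15.2.1" 14 | x: 0 15 | y: 0 16 | - name: "SW3" 17 | template: "Cisco IOSvL2 15.2.1" 18 | x: 100 19 | y: -100 20 | - name: "PC1" 21 | template: "linux-pc" 22 | x: -200 23 | y: -50 24 | - name: "PC2" 25 | template: "linux-pc" 26 | x: 200 27 | y: -50 28 | gns3_links_spec: 29 | - ["SW1", "Gi0/2", "SW2", "Gi0/1"] 30 | - ["SW1", "Gi0/3", "SW3", "Gi0/1"] 31 | - ["SW2", "Gi0/3", "SW3", "Gi0/2"] 32 | - ["SW1", "Gi1/0", "PC1", "Ethernet0"] 33 | - ["SW3", "Gi2/0", "PC2", "Ethernet0"] 34 |
--------------------------------------------------------------------------------
/inventories/ccnp/01_01_02_inter_vlan_routing/templates/iosv_config.j2:
--------------------------------------------------------------------------------
{# Day-0 IOS configuration for a lab node: hostname and banner, optional routed
   management interface on DHCP, a local privilege-15 account, an RSA key pair and
   SSH-only access on the vty lines. Variables come from the inventory
   (mgmt_interface, image_style, gns3_lab_user, gns3_lab_pass). #}
configure terminal
hostname {{ inventory_hostname }}
banner motd # This is {{ inventory_hostname }} for CCNP Lab #
{% if mgmt_interface is defined %}
interface {{ mgmt_interface }}
{% if image_style == "iosv_l2" %}
{# L2 images: turn the management port into a routed port so it can take an address. #}
no switchport
{% endif %}
ip address dhcp
no cdp enable
no shutdown
{% endif %}
{% if inventory_hostname == "DS2" and image_style == "iosv_l2" %}
no ip routing
{% endif %}
{% if image_style == "iosv_l2" %}
{# Every port in this range starts shut down; the management port named in the
   inventories (GigabitEthernet3/3 for L2 images) is outside the range. #}
interface range g0/0-3, g1/1-3, g2/0-1, g3/0-2
shutdown
{% endif %}
ip domain-name lan
{# `secret` stores a one-way hash in the configuration; `password` would leave the
   value readable (cleartext, or reversible type 7) in every saved or exported
   config. The login itself works the same way with `login local`. #}
username {{ gns3_lab_user }} privilege 15 secret {{ gns3_lab_pass }}
crypto key generate rsa modulus 2048
ip ssh version 2
ip scp server enable
line vty 0 4
login local
transport input ssh
line con 0
{# Lab convenience: the console never times out, and no `login` is configured on
   line con 0 in this template, so console access is unauthenticated. Keep this to
   emulated lab nodes. #}
exec-timeout 0 0
logging synchronous
end
write memory
-------------------------------------------------------------------------------- /roles/ios_static_routing/tasks/add_ip_routes.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: add ipv4 routes 3 | ios_static_route: 4 | prefix: "{{ item.1.destination | ipaddr('network') }}" 5 | mask: "{{ item.1.destination | ipaddr('netmask') }}" 6 | interface: "{{ item.0.id }}" 7 | name: "Static route to {{ item.1.destination | ipaddr('network/prefix') }} via {{ item.0.id }}" 8 | admin_distance: "{{ item.1.ad | default('254') }}" 9 | state: "{{ item.1.state | default('present') }}" 10 | loop: "{{ interfaces|subelements('static', skip_missing=True) }}" 11 | when: item.1.destination | ipv4 12 | - name: add ipv6 routes 13 | ios_config: 14 | lines: > 15 | ipv6 route {{ item.1.destination | ipaddr('network/prefix') | string | upper }} 16 | {{ item.0.id }} 17 | {{ item.1.next_hop | ipv6 }} 18 | {{ item.1.ad | default('254') }} 19 | loop: "{{ interfaces|subelements('static', skip_missing=True) }}" 20 | when: 21 | - item.1.destination | ipv6 22 | -------------------------------------------------------------------------------- /playbooks/switchblock.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # switchblock.yml 3 | - hosts: blocks 4 | gather_facts: False 5 | roles: 6 | - role: ios_common 7 | - role: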
ios_vlans 8 | - role: ios_etherchannel 9 | - role: ios_interface 10 | - role: ios_spanningtree 11 | - role: ios_ipv4 12 | - role: ios_ipv6 13 | - role: ios_write 14 | - hosts: access 15 | gather_facts: False 16 | roles: 17 | - role: ios_no_ipv4_routing 18 | - role: ios_write 19 | - hosts: distribution 20 | gather_facts: False 21 | roles: 22 | - role: ios_ipv4_routing 23 | - role: ios_ipv6_routing 24 | - role: ios_fhrp 25 | - role: ios_rip 26 | when: '"rip" in ipv4.routing' 27 | - role: ios_eigrp4 28 | when: '"eigrp" in ipv4.routing' 29 | - role: ios_ospfv2 30 | when: '"ospf" in ipv4.routing' 31 | - role: ios_eigrp6 32 | when: 33 | - '"eigrp" in ipv6.routing' 34 | - role: ios_recursive_dns_server 35 | - role: ios_dhcp_server 36 | - role: ios_write 37 | -------------------------------------------------------------------------------- /playbooks/demos/galaxy.yml: -------------------------------------------------------------------------------- 1 | ### requried 2 | # this can be a company/brand or product namespace under which all content lives 3 | namespace: 4 | # the designation of this specific collection 5 | name: 6 | # semantic versioning compliant version designation 7 | version: 8 | # a list of the collection's content authors: 'Full Name (http://site) @nicks:irc/im/site#channel' 9 | authors: 10 | 11 | ### optional but strongly advised 12 | # short summary of the collection 13 | description: 14 | # a valid SPDX license identifier https://spdx.org/licenses/ 15 | license: 16 | # list of keywords you want to associate the collection with for indexing/search systems 17 | tags: 18 | # list of dependencies, other collections this collection requires to be installed for it to be usable 19 | dependencies: 20 | 21 | ### urls 22 | # url of originating SCM repository 23 | repository: 24 | # url to online docs 25 | documentation: 26 | # homepage of the collection/project 27 | homepage: 28 | # issue tracker url 29 | issues: 30 | 
--------------------------------------------------------------------------------
/inventories/custom/ccna_remote/hosts:
--------------------------------------------------------------------------------
# Ansible INI inventory for the ccna_remote lab: device groups, group hierarchy,
# per-group management interface / image type, and connection settings.
[all:vars]
#method=modules # modules or templating not yet implemented

[core]
R1
R2
R3

[distribution]
DS1
DS2

[access]
AS1
AS2

[stick]
SW0
SW1

[remote]
R4

[blocks:children]
distribution
access

[routers:children]
core

[switches:children]
blocks
stick

# Every Cisco node, including the remote router, inherits the [cisco:vars] below.
[cisco:children]
core
blocks
stick
remote

[core:vars]
mgmt_interface=GigabitEthernet0/7
image_style=iosv_l3

[blocks:vars]
mgmt_interface=GigabitEthernet3/3
image_style=iosv_l2

[stick:vars]
mgmt_interface=GigabitEthernet3/3
image_style=iosv_l2

[remote:vars]
mgmt_interface=GigabitEthernet0/7
image_style=iosv_l3

[cisco:vars]
# SECURITY: the login and its password are committed in clear text and shared by
# every device in the group. Other inventories in this repository map the same pair
# to gns3_lab_user / gns3_lab_pass in group_vars/all (presumably the same here), so
# it is also the privileged local account created on the devices.
# Acceptable only for a throw-away, isolated lab. Elsewhere, keep the password out
# of the inventory: store it in an ansible-vault encrypted group_vars file, or
# prompt for it with --ask-pass.
ansible_user=root
ansible_ssh_pass=testtest
ansible_port=22
ansible_connection=network_cli
ansible_network_os=ios
-------------------------------------------------------------------------------- /roles/ios_nat44/tasks/enable_nat.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: configure ipv4 adresses nat outside interface 3 | ios_config: 4 | defaults: yes 5 | parents: interface {{ nat.outside }} 6 | lines: 7 | - ip nat outside 8 | when: nat.outside is defined 9 | - name: configure ip nat inside interfaces 10 | ios_config: 11 | defaults: yes 12 | parents: interface {{ item }} 13 | lines: 14 | - ip nat inside 15 | loop: "{{ nat.inside }}" 16 | when: item is defined 17 | - name: configure source nat acl 18 | ios_config: 19 | defaults: yes 20 | parents: ip access-list standard {{ nat.name }} 21 | lines: 22 | - permit {{ item }} 23 | loop: "{{
nat.sources }}" 24 | when: 25 | - nat.name is defined 26 | - item is defined 27 | - name: configure the nat rule 28 | ios_config: 29 | defaults: yes 30 | lines: 31 | - ip nat inside source list {{ nat.name }} interface {{ nat.outside }} overload 32 | when: 33 | - nat.name is defined 34 | - nat.outside is defined 35 | -------------------------------------------------------------------------------- /inventories/ccnp/01_01_02_inter_vlan_routing/hosts: -------------------------------------------------------------------------------- 1 | #method=modules # modules or templating not yet implemented 2 | 3 | [l3_devices] 4 | R1 5 | R3 6 | DS1 7 | 8 | [l2_devices] 9 | DS2 10 | 11 | [core] 12 | R1 13 | R3 14 | 15 | [distribution] 16 | DS1 17 | DS2 18 | 19 | [blocks:children] 20 | distribution 21 | 22 | [routers:children] 23 | core 24 | 25 | [switches:children] 26 | blocks 27 | 28 | [cisco:children] 29 | core 30 | blocks 31 | 32 | [end_hosts] 33 | PC1 34 | PC2 35 | PC3 36 | PC4 37 | 38 | [controllers] 39 | controller 40 | 41 | [linux:children] 42 | end_hosts 43 | controllers 44 | 45 | [core:vars] 46 | mgmt_interface=GigabitEthernet0/7 47 | image_style=iosv_l3 48 | 49 | [blocks:vars] 50 | mgmt_interface=GigabitEthernet3/3 51 | image_style=iosv_l2 52 | 53 | [cisco:vars] 54 | ansible_connection=network_cli 55 | ansible_network_os=ios 56 | 57 | [linux:vars] 58 | image_style=centos 59 | ansible_network_os="" 60 | ansible_connection=ssh 61 | 62 | [all:vars] 63 | ansible_user=root 64 | ansible_ssh_pass=testtest 65 | ansible_port=22 66 | -------------------------------------------------------------------------------- /roles/ios_vlans/tasks/l3_configure_trunk_ports.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: remove ip parameters to a trunk physical interface 3 | ios_l3_interfaces: 4 | config: 5 | - name: "{{ item.id }}" 6 | state: deleted 7 | loop: "{{ interfaces | selectattr('trunk', 'defined') | selectattr('trunk.vlan', 
'undefined') | selectattr('trunk.native', 'undefined') | list }}" 8 | - name: configure tagged vlans on subinterfaces 9 | ios_config: 10 | defaults: no 11 | parents: interface {{ item.id }} 12 | lines: 13 | - encapsulation dot1Q {{ item.trunk.vlan | default('1') }} 14 | loop: "{{ interfaces | selectattr('trunk', 'defined') | list }}" 15 | when: 16 | - item.trunk.vlan is defined 17 | - name: configure native untagged vlan on a subinterface 18 | ios_config: 19 | defaults: no 20 | parents: interface {{ item.id }} 21 | lines: 22 | - encapsulation dot1Q {{ item.trunk.native | default('1') }} native 23 | loop: "{{ interfaces | selectattr('trunk', 'defined') | list }}" 24 | when: 25 | - item.trunk.native is defined 26 | -------------------------------------------------------------------------------- /roles/ios_eigrp6/tasks/enable_eigrp6.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: enable eigrp ipv6 rid 3 | ios_config: 4 | defaults: yes 5 | parents: ipv6 router eigrp {{ routing.eigrp_as }} 6 | lines: 7 | - eigrp router-id {{ routing.rid }} 8 | when: 9 | - routing.eigrp_as is defined 10 | - routing.rid is defined 11 | - name: enable eigrp ipv6 passive-interface 12 | ios_config: 13 | defaults: yes 14 | parents: ipv6 router eigrp {{ routing.eigrp_as }} 15 | lines: 16 | - passive-interface {{ item.id }} 17 | loop: "{{ interfaces | selectattr('passive', 'defined') | list }}" 18 | when: 19 | - routing.eigrp_as is defined 20 | - item.id is defined 21 | - name: enable eigrp ipv6 on interfaces 22 | ios_config: 23 | defaults: yes 24 | parents: interface {{ item.id }} 25 | lines: 26 | - ipv6 eigrp {{ routing.eigrp_as }} 27 | loop: "{{ interfaces | selectattr('eigrp6', 'defined') | list }}" 28 | when: 29 | - item.id is defined 30 | - routing.eigrp_as is defined 31 | - interfaces | selectattr('eigrp6', 'defined') | list 32 | -------------------------------------------------------------------------------- 
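/tests/ubuntu-controller.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Provisions an Ubuntu host as the lab "controller": installs Ansible and its helper
# packages, replaces systemd-resolved with dnsmasq (DNS + DHCP on eth0), and gives
# eth0 a static address through netplan. Must run as root.
#
# Fix: the first line was "!#/bin/bash", which is not a shebang, so the kernel could
# not pick an interpreter when the file was executed directly.

hostnamectl set-hostname controller
apt-get update && apt-get -y install python3-pip sshpass
# NOTE(review): these packages are installed system-wide, as root, at whatever
# version PyPI serves on the day. Pinning versions (a requirements file with hashes)
# would make the controller reproducible and narrow the supply-chain exposure.
pip3 install pip --upgrade
pip3 install ansible
pip3 install paramiko
pip3 install ansible-lint
pip3 install netaddr
pip3 install ansible-cmdb
# Free port 53 for dnsmasq and point the resolver at it first, then at 1.1.1.1.
systemctl disable systemd-resolved
systemctl stop systemd-resolved
rm -f /etc/resolv.conf
echo "nameserver 127.0.0.1" > /etc/resolv.conf
echo "nameserver 1.1.1.1" >> /etc/resolv.conf
apt -y install git dnsmasq
# NOTE(review): the Linux loopback interface is normally "lo"; "lo0" is kept as in
# the original - confirm it is intended.
# NOTE(review): 11.12.13.0/24 is not private (RFC 1918) address space; it works on an
# isolated management segment but would shadow real Internet destinations.
cat << EOF > /etc/dnsmasq.conf
interface=lo0
interface=eth0
dhcp-range=11.12.13.100,11.12.13.150,255.255.255.0,512h
dhcp-option=3
EOF
cat << EOF > /etc/netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 11.12.13.1/24
      nameservers:
        addresses: [127.0.0.1, 1.1.1.1]
    eth1:
      dhcp4: yes
EOF
netplan apply
systemctl restart dnsmasq
systemctl enable dnsmasq
-------------------------------------------------------------------------------- /inventories/custom/ospf_neighbors/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "{{ inventory_dir }}/templates/iosv_default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "ospf_neighboring_lab" 7 | gns3_nodes_spec: 8 | - name: "R1" 9 | template: "Cisco IOSv 15.7(3)M3" 10 | x: -100 11 | y: -100 12 | - name: "R2" 13 | template: "Cisco IOSv 15.7(3)M3" 14 | x: 100 15 | y: -100 16 | - name: "R3" 17 | template: "Cisco IOSv 15.7(3)M3" 18 | x: 100 19 | y: 100 20 | - name: "R4" 21 | template: "Cisco IOSv 15.7(3)M3" 22 | x: 5 23 | y: 100 24 | - name: "R5" 25 | template: "Cisco IOSv 15.7(3)M3" 26 | x: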
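-100 27 | y: 100 28 | - name: "switch" 29 | template: "Ethernet switch" 30 | x: 0 31 | y: 0 32 | gns3_links_spec: 33 | - ["R1", "Gi0/0", "switch", "Ethernet1"] 34 | - ["R2", "Gi0/0", "switch", "Ethernet2"] 35 | - ["R3", "Gi0/0", "switch", "Ethernet3"] 36 | - ["R4", "Gi0/0", "switch", "Ethernet4"] 37 | - ["R5", "Gi0/0", "switch", "Ethernet5"] 38 |
--------------------------------------------------------------------------------
/playbooks/restore_config.yml:
--------------------------------------------------------------------------------
---
# restore_config.yml
# For each host in the `cisco` group: if files/default_configs/<hostname>.cfg exists,
# copy it to the device with scp, apply it with "config replace", then delete the
# uploaded file from flash.
- name: RESTORE CONFIGURATION
  hosts: cisco
  gather_facts: no
  vars:
    src_folder: "files/default_configs"
    src: "{{ src_folder }}/{{ inventory_hostname }}.cfg"
    dest: "{{ inventory_hostname }}.cfg"
    # Host key checking is switched off for scp, so a changed or spoofed device key
    # is accepted silently. Tolerable only on an isolated lab network whose nodes are
    # rebuilt (and re-keyed) often; do not reuse this option against real devices.
    options: "-o StrictHostKeyChecking=no"
  tasks:
    - name: CHECK THAT CONFIG FILE EXISTS
      stat:
        path: "{{ src }}"
      register: stat_result
    - name: RESTORE THE CONFIG
      block:
        - name: COPY RUNNING CONFIG TO THE DEVICE
          # sshpass -e reads the password from the SSHPASS environment variable
          # instead of the command line, so it no longer appears in the process
          # list or in the command string Ansible reports for this task.
          command: "sshpass -e scp {{ options }} {{ src }} {{ inventory_hostname }}:/{{ dest }}"
          environment:
            SSHPASS: "{{ ansible_ssh_pass }}"
          register: copy_output
        - name: CONFIG REPLACE
          ios_command:
            commands:
              - config replace flash:{{ dest }} force
      when: stat_result.stat.exists
    - name: ERASE REMOTE CONFIG FILE
      ios_command:
        commands:
          - "delete /force flash:/{{ dest }}"
      # When the block above is skipped (no config file for this host), copy_output
      # holds a skipped result without `rc`; default to non-zero so this task is
      # skipped too instead of failing on an undefined attribute.
      when: copy_output.rc | default(1) == 0
-------------------------------------------------------------------------------- /roles/ios_eigrp4/tasks/enable_eigrp4.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: enable eigrp4 rid 3 | ios_config: 4 | defaults: yes 5 | parents: router eigrp {{ routing.eigrp_as }} 6 | lines: 7 | - eigrp router-id {{ routing.rid }} 8 | when: 9 | - routing.eigrp_as is defined 10 | - routing.rid is defined 11 | - interfaces | selectattr('eigrp4', 'defined') | list 12 | - name: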
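enable eigrp4 passive-interface 13 | ios_config: 14 | defaults: yes 15 | parents: router eigrp {{ routing.eigrp_as }} 16 | lines: 17 | - passive-interface {{ item.id }} 18 | loop: "{{ interfaces | selectattr('passive', 'defined') | list }}" 19 | when: 20 | - routing.eigrp_as is defined 21 | - item.id is defined 22 | - name: enable eigrp4 interfaces 23 | ios_config: 24 | defaults: no 25 | parents: router eigrp {{ routing.eigrp_as }} 26 | lines: 27 | - "network {{ item.ipv4_address | ipaddr('address') }} 0.0.0.0" 28 | loop: "{{ interfaces | selectattr('eigrp4', 'defined') | list }}" 29 | when: 30 | - routing.eigrp_as is defined 31 | - item.ipv4_address is defined 32 |
--------------------------------------------------------------------------------
/roles/ios_ospfv3/tasks/enable_ospfv3.yml:
--------------------------------------------------------------------------------
---
# Configures OSPFv3 from host variables: the router-id under "ipv6 router ospf <pid>",
# a passive-interface statement for each interface carrying a `passive` key, and
# "ipv6 ospf <pid> area <area>" on each interface carrying an `ospfv3` key.
# The process id falls back to 1 when routing.ospf_pid is not set.
- name: enable ospfv3 rid
  ios_config:
    defaults: yes
    parents: ipv6 router ospf {{ routing.ospf_pid | default(1) }}
    lines:
      - router-id {{ routing.rid }}
  when:
    - routing.rid is defined
    # run only when at least one interface takes part in OSPFv3
    - interfaces | selectattr('ospfv3', 'defined') | list
- name: enable ospfv3 passive-interface
  ios_config:
    defaults: yes
    parents: ipv6 router ospf {{ routing.ospf_pid | default(1) }}
    lines:
      - passive-interface {{ item.id }}
  loop: "{{ interfaces | selectattr('passive', 'defined') | list }}"
  when:
    - item is defined
    - interfaces | selectattr('ospfv3', 'defined') | list
- name: enable ospfv3 on interfaces
  ios_config:
    defaults: yes
    parents: interface {{ item.id }}
    lines:
      - "ipv6 ospf {{ routing.ospf_pid | default(1) }} area {{ item.ospfv3.area }}"
  loop: "{{ interfaces | selectattr('ospfv3', 'defined') | list }}"
  when:
    - item.id is defined
    # Fix: the guard tested item.ospfv2.area while the command uses
    # item.ospfv3.area, so an interface with only an `ospfv3` key was skipped.
    - item.ospfv3.area is defined
--------------------------------------------------------------------------------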
/roles/ios_ospfv2/tasks/enable_ospfv2.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: enable ospfv2 rid 3 | ios_config: 4 | defaults: yes 5 | parents: router ospf {{ routing.ospf_pid | default(1) }} 6 | lines: 7 | - router-id {{ routing.rid }} 8 | when: 9 | - routing.rid is defined 10 | - interfaces | selectattr('ospfv2', 'defined') | list 11 | - name: enable ospfv2 passive-interface 12 | ios_config: 13 | defaults: yes 14 | parents: router ospf {{ routing.ospf_pid | default(1) }} 15 | lines: 16 | - passive-interface {{ item.id }} 17 | loop: "{{ interfaces | selectattr('passive', 'defined') | list }}" 18 | when: 19 | - item is defined 20 | - name: enable ospfv2 interfaces 21 | ios_config: 22 | defaults: yes 23 | parents: router ospf {{ routing.ospf_pid | default(1) }} 24 | lines: 25 | - "network {{ item.ipv4_address | ipaddr('network') }} {{ item.ipv4_address | ipaddr('hostmask') }} area {{ item.ospfv2.area }}" 26 | loop: "{{ interfaces | selectattr('ospfv2', 'defined') | list }}" 27 | when: 28 | - item.ipv4_address is defined 29 | - item.ospfv2.area is defined 30 | -------------------------------------------------------------------------------- /roles/ios_fhrp/tasks/configure_fhrp.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: configure fhrp - ipv4 address 3 | ios_config: 4 | defaults: yes 5 | parents: interface {{ item.id }} 6 | lines: "{{ item.mode }} {{ item.group }} ip {{ item.address }}" 7 | loop: "{{ routing.fhrp }}" 8 | when: item.protocol == 'ipv4' 9 | - name: configure fhrp - ipv6 address 10 | ios_config: 11 | defaults: yes 12 | parents: interface {{ item.id }} 13 | lines: 14 | - "{{ item.mode }} version 2" 15 | - "{{ item.mode }} {{ item.group }} ipv6 {{ item.address }}" 16 | loop: "{{ routing.fhrp }}" 17 | when: item.protocol == 'ipv6' 18 | - name: configure fhrp - priority 19 | ios_config: 20 | defaults: yes 21 | parents: interface {{ 
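item.id }} 22 | lines: "{{ item.mode }} {{ item.group }} priority {{ item.priority }}" 23 | loop: "{{ routing.fhrp }}" 24 | when: item.priority is defined 25 | - name: configure fhrp - preemption 26 | ios_config: 27 | defaults: yes 28 | parents: interface {{ item.id }} 29 | lines: "{{ item.mode }} {{ item.group }} preempt" 30 | loop: "{{ routing.fhrp }}" 31 | when: item.preempt == 'True' 32 |
--------------------------------------------------------------------------------
/roles/ios_vlans/tasks/secure_switchports.yml:
--------------------------------------------------------------------------------
---
# Hardens switchports flagged with a `stub` key in `interfaces`: the port is
# administratively disabled, placed as an access port in the dedicated stub VLAN
# (`stubvlan`), and given PortFast edge plus BPDU guard.
- name: disable stub switchports
  ios_interfaces:
    config:
      - name: "{{ item.id }}"
        enabled: False
  loop: "{{ interfaces }}"
  when: item.stub is defined
- name: create stub vlan
  ios_vlans:
    config:
      - name: "{{ stubvlan.name }}"
        vlan_id: "{{ stubvlan.id }}"
        state: active
        shutdown: disabled
  when:
    - stubvlan is defined
- name: configure stub access ports
  ios_config:
    defaults: yes
    parents: interface {{ item.id }}
    lines:
      - switchport mode access
      - switchport access vlan {{ stubvlan.id }}
  loop: "{{ interfaces }}"
  when:
    - stubvlan is defined
    - item.stub is defined
- name: stp protection on stub access ports
  ios_config:
    defaults: yes
    parents: interface {{ item.id }}
    lines:
      - spanning-tree portfast edge
      - spanning-tree bpduguard enable
  # Fix: the loop referenced `interface`, a variable no other task in this file
  # uses; every other loop iterates `interfaces`. With the wrong name the BPDU guard
  # step could not be applied to the stub ports.
  loop: "{{ interfaces }}"
  when:
    - stubvlan is defined
    - item.stub is defined
-------------------------------------------------------------------------------- /inventories/ccnp/01_01_02_inter_vlan_routing/host_vars/R1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R1 3 | ipv6: 4 | enabled: yes 5 | forwarding: yes 6 | interfaces: 7 | - id: GigabitEthernet0/0 8 | description: "Link to DS1" 9 | ipv4_address: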
10.1.13.1/24 10 | ipv6_addresses: 11 | - 'fe80::1:1' 12 | - '2001:db8:acad:10d1::1/64' 13 | static: 14 | - destination: 10.2.0.0/16 15 | next_hop: 10.1.13.13 16 | ad: 1 17 | state: present 18 | - destination: '2001:db8:acad:1050::/64' 19 | next_hop: 'fe80::d1:1' 20 | ad: 1 21 | state: present 22 | - destination: '2001:db8:acad:1060::/64' 23 | next_hop: 'fe80::d1:1' 24 | ad: 1 25 | state: present 26 | - id: GigabitEthernet0/3 27 | description: "Link to R3" 28 | ipv4_address: 10.1.3.1/24 29 | ipv6_addresses: 30 | - 'fe80::1:2' 31 | - '2001:db8:acad:1013::1/64' 32 | static: 33 | - destination: 0.0.0.0/0 34 | next_hop: 10.1.3.3 35 | ad: 1 36 | state: present 37 | - destination: '::/0' 38 | next_hop: 'fe80::3:1' 39 | ad: 1 40 | state: present 41 | -------------------------------------------------------------------------------- /inventories/gateway/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "templates/iosv_default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "gateway_lab" 7 | gns3_nodes_spec: 8 | - name: "controller" 9 | template: "controller" 10 | x: -250 11 | y: 100 12 | - name: "R1" 13 | template: "Cisco IOSv 15.7(3)M3" 14 | x: -100 15 | y: -100 16 | - name: "S1" 17 | template: "Ethernet switch" 18 | x: -105 19 | y: 15 20 | - name: "nat0" 21 | template: "NAT" 22 | x: 0 23 | y: -100 24 | - name: "PC1" 25 | template: "VPCS" 26 | x: -100 27 | y: 100 28 | - name: "ctrl0" 29 | template: "Ethernet switch" 30 | x: -255 31 | y: 15 32 | - name: "nat1" 33 | template: "NAT" 34 | x: -450 35 | y: 100 36 | gns3_links_spec: 37 | - ["R1", "Gi0/1", "nat0", "nat0"] 38 | - ["R1", "Gi0/0", "S1", "Ethernet0"] 39 | - ["S1", "Ethernet1", "PC1", "Ethernet0"] 40 | - ["R1", "Gi0/7", "ctrl0", "Ethernet1"] 41 | - ["ctrl0", "Ethernet0", "controller", "Ethernet0"] 42 | - ["controller", "Ethernet1", "nat1", "nat0"] 43 | 
-------------------------------------------------------------------------------- /inventories/custom/etherchannel/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "{{ inventory_dir }}/templates/iosv_default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "etherchannel_lab" 7 | gns3_nodes_spec: 8 | - name: "SW0" 9 | template: "Cisco IOSvL2 15.2.1" 10 | x: -100 11 | y: 0 12 | - name: "SW1" 13 | template: "Cisco IOSvL2 15.2.1" 14 | x: 100 15 | y: 0 16 | - name: "PC1" 17 | template: "linux-pc" 18 | x: -200 19 | y: -50 20 | - name: "PC2" 21 | template: "linux-pc" 22 | x: -200 23 | y: 50 24 | - name: "PC3" 25 | template: "linux-pc" 26 | x: 200 27 | y: -50 28 | - name: "PC4" 29 | template: "linux-pc" 30 | x: 200 31 | y: 50 32 | gns3_links_spec: 33 | - ["SW0", "Gi0/0", "SW1", "Gi0/0"] 34 | - ["SW0", "Gi0/1", "SW1", "Gi0/1"] 35 | - ["SW0", "Gi0/2", "SW1", "Gi0/2"] 36 | - ["SW0", "Gi0/3", "SW1", "Gi0/3"] 37 | - ["SW0", "Gi3/0", "PC1", "Ethernet0"] 38 | - ["SW1", "Gi3/0", "PC3", "Ethernet0"] 39 | - ["SW0", "Gi3/1", "PC2", "Ethernet0"] 40 | - ["SW1", "Gi3/1", "PC4", "Ethernet0"] 41 | -------------------------------------------------------------------------------- /roles/ios_ipv6/tasks/configure_ipv6_addresses.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: enable ipv6 and configure link-local address 3 | ios_config: 4 | defaults: yes 5 | parents: "interface {{ item.0.id }}" 6 | lines: 7 | - "ipv6 enable" 8 | - "ipv6 address {{ item.1 | ipaddr('address') | upper }} link-local" 9 | loop: "{{ interfaces|subelements('ipv6_addresses', skip_missing=True) }}" 10 | when: 11 | - item.1 | ipaddr('FE80::/16') 12 | failed_when: not item.1 | ipaddr('FE80::/16') 13 | - name: configure ula/uga ipv6 addresses 14 | # ios_l3_interfaces: 15 | # config: 16 | ## - name: 
"{{ item.0.id }}" 17 | ## ipv6: 18 | ## - address: "{{ item.1 }}" 19 | ios_config: 20 | defaults: yes 21 | parents: "interface {{ item.0.id }}" 22 | lines: 23 | - "ipv6 address {{ item.1 | ipaddr('host/prefix') | upper }}" 24 | loop: "{{ interfaces|subelements('ipv6_addresses', skip_missing=True) }}" 25 | when: > 26 | item.1 | ipaddr('FD00::/8') or 27 | item.1 | ipaddr('2000::/3') 28 | failed_when: 29 | - not item.1 | ipaddr('FD00::/8') 30 | - not item.1 | ipaddr('2000::/3') 31 | - not item.1 | ipaddr('host/prefix') 32 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 David Flores 4 | Copyright (c) 2021 François Goffinet 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 
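23 | -------------------------------------------------------------------------------- /inventories/ccnp/01_01_02_inter_vlan_routing/host_vars/R3: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R3 3 | ipv6: 4 | enabled: yes 5 | forwarding: yes 6 | interfaces: 7 | - id: GigabitEthernet0/0 8 | description: "Trunk LAN to DS2" 9 | trunk: 10 | - id: GigabitEthernet0/0.75 11 | description: "VLAN 75 to DS2" 12 | trunk: 13 | vlan: 75 14 | ipv4_address: 10.3.75.1/24 15 | ipv6_addresses: 16 | - 'fe80::3:2' 17 | - '2001:db8:acad:3075::1/64' 18 | - id: GigabitEthernet0/0.85 19 | description: "VLAN 85 to DS2" 20 | trunk: 21 | vlan: 85 22 | ipv4_address: 10.3.85.1/24 23 | ipv6_addresses: 24 | - 'fe80::3:3' 25 | - '2001:db8:acad:3085::1/64' 26 | - id: GigabitEthernet0/0.999 27 | description: "VLAN 999 native" 28 | trunk: 29 | native: 999 30 | - id: GigabitEthernet0/1 31 | description: "Link to R1" 32 | ipv4_address: 10.1.3.3/24 33 | ipv6_addresses: 34 | - 'fe80::3:1' 35 | - '2001:db8:acad:1013::3/64' 36 | static: 37 | - destination: 0.0.0.0/0 38 | next_hop: 10.1.3.1 39 | ad: 1 40 | state: present 41 | - destination: '::/0' 42 | next_hop: '2001:db8:acad:1013::1' 43 | ad: 1 44 | state: present 45 | -------------------------------------------------------------------------------- /inventories/custom/etherchannel/templates/iosv_default_config.j2: --------------------------------------------------------------------------------
{#
  Day-0 bootstrap for the IOSv / IOSvL2 nodes of the etherchannel lab.
  Sets the hostname, an optional DHCP-addressed management interface, the lab
  access/trunk ports and spanning-tree roots on IOSvL2 images, then a local
  administrator and SSH-only access on vty 0-4.
  Variables read: inventory_hostname, mgmt_interface (optional), image_style,
  gns3_lab_user, gns3_lab_pass.
  The rendered text carries the lab password in clear; handle the generated
  file and any console transcript of it as a secret.
#}
configure terminal
hostname {{ inventory_hostname }}
{% if mgmt_interface is defined %}
interface {{ mgmt_interface }}
{% if image_style == "iosv_l2" %}
 no switchport
{% endif %}
 ip address dhcp
 no cdp enable
 no shutdown
{% endif %}
{% if image_style == "iosv_l2" %}
int G3/0
 switchport mode access
 switchport access vlan 10
int G3/1
 switchport mode access
 switchport access vlan 20
interface range G0/0-1
 switchport trunk encapsulation dot1q
 switchport mode trunk
{# "vlan <id>" needs the space; without it the line is not the VLAN-creation command. #}
vlan 10
vlan 20
{% endif %}
{% if inventory_hostname == "SW0" and image_style == "iosv_l2" %}
spanning-tree vlan 10 root primary
spanning-tree vlan 20 root secondary
{% endif %}
{% if inventory_hostname == "SW1" and image_style == "iosv_l2" %}
spanning-tree vlan 20 root primary
spanning-tree vlan 10 root secondary
{% endif %}
ip domain-name lan
{# "secret" makes IOS store a one-way hash of the password; with "password"
   the value stays readable in the running and startup configuration.
   Privilege 15 puts this account straight into privileged EXEC at login. #}
username {{ gns3_lab_user }} privilege 15 secret {{ gns3_lab_pass }}
{# Key generation relies on the hostname and domain name set above. #}
crypto key generate rsa modulus 2048
ip ssh version 2
ip scp server enable
{# Only vty 0-4 are restricted to local login over SSH here.
   NOTE(review): if the image exposes further vty lines they keep their
   defaults - confirm, or extend the range. #}
line vty 0 4
 login local
 transport input ssh
end
write memory
-------------------------------------------------------------------------------- /roles/ios_vlans/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: create_vlans.yml 3 | when: 4 | - ansible_network_os == 'ios' 5 | - vlans is defined 6 | - "'routers' not in group_names" 7 | - "'switches' in group_names" 8 | tags: 9 | - create_vlans 10 | - vlans 11 | - l2 12 | - import_tasks: configure_access_ports.yml 13 | when: 14 | - ansible_network_os == 'ios' 15 | - "'routers' not in group_names" 16 | - "'switches' in group_names" 17 | tags: 18 | - access 19 | - vlans 20 | - l2 21 | - import_tasks: configure_trunk_ports.yml 22 | when: 23 | - ansible_network_os == 'ios' 24 | - "'routers' not in group_names" 25 | - "'switches' in group_names" 26 | tags: 27 | - trunk 28 | - vlans 29 | - l2 30 | - import_tasks: l3_configure_trunk_ports.yml 31 | when: 32 | - ansible_network_os == 'ios' 33 | - "'switches' not in group_names" 34 | - "'routers' in group_names" 35 | tags: 36 | - trunk 37 | - vlans 38 | - l2 39 | - import_tasks: secure_switchports.yml 40 | when: 41 | - ansible_network_os == 'ios' 42 | - "'routers' not in group_names" 43 | - "'switches' in group_names" 44 | - stubvlan is defined 45 | tags: 46 | -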
secure_switch 47 | - l2 48 | - vlans 49 | -------------------------------------------------------------------------------- /inventories/ccnp/01_01_02_inter_vlan_routing/host_vars/DS2: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: DS2 3 | ipv6: 4 | enabled: yes 5 | vlans: 6 | - id: 75 7 | name: Group75 8 | - id: 85 9 | name: Group85 10 | interfaces: 11 | - id: GigabitEthernet2/2 12 | description: "PC3 vlan 75 access port" 13 | access: 14 | vlan: 75 15 | - id: GigabitEthernet2/3 16 | description: "PC4 vlan 85 access port" 17 | access: 18 | vlan: 85 19 | - id: Vlan75 20 | description: "Management interface" 21 | ipv4_address: 172.16.0.2/24 22 | gateway: 172.16.0.254 23 | - id: GigabitEthernet1/0 24 | description: "Trunk to R3" 25 | trunk: 26 | native: 999 27 | - id: GigabitEthernet0/2 28 | description: "Stub interface" 29 | stub: true 30 | - id: GigabitEthernet0/3 31 | description: "Stub interface" 32 | stub: true 33 | - id: GigabitEthernet1/2 34 | description: "Stub interface" 35 | stub: true 36 | - id: GigabitEthernet1/3 37 | description: "Stub interface" 38 | stub: true 39 | - id: GigabitEthernet3/0 40 | description: "Stub interface" 41 | stub: true 42 | - id: GigabitEthernet3/1 43 | description: "Stub interface" 44 | stub: true 45 | - id: GigabitEthernet3/2 46 | description: "Stub interface" 47 | stub: true 48 | -------------------------------------------------------------------------------- /inventories/custom/startup_linux/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "{{ inventory_dir }}/templates/iosv_default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "startup_linux_lab" 7 | gns3_nodes_spec: 8 | - name: "GATEWAY" 9 | template: "gateway" 10 | #template: "Cisco IOSv 15.7(3)M3" 11 | x: 0 12 | y: -200 13 | - name: "SW0" 14 | 
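template: "Cisco IOSvL2 15.2.1" 15 | x: 0 16 | y: -100 17 | - name: "NAT" 18 | template: "NAT" 19 | x: 100 20 | y: -200 21 | - name: "PC1" 22 | template: "linux-pc" 23 | x: -100 24 | y: -100 25 | - name: "PC2" 26 | template: "linux-pc" 27 | x: -100 28 | y: 0 29 | - name: "PC3" 30 | template: "linux-pc" 31 | x: 100 32 | y: -100 33 | - name: "PC4" 34 | template: "linux-pc" 35 | x: 100 36 | y: 0 37 | gns3_links_spec: 38 | # - ["GATEWAY", "Gi0/1", "NAT", "nat0"] 39 | # - ["GATEWAY", "Gi0/0", "SW0", "Gi0/0"] 40 | - ["GATEWAY", "Ethernet1", "NAT", "nat0"] 41 | - ["GATEWAY", "Ethernet0", "SW0", "Gi0/0"] 42 | - ["SW0", "Gi1/0", "PC1", "Ethernet0"] 43 | - ["SW0", "Gi1/1", "PC2", "Ethernet0"] 44 | - ["SW0", "Gi1/2", "PC3", "Ethernet0"] 45 | - ["SW0", "Gi1/3", "PC4", "Ethernet0"] 46 | -------------------------------------------------------------------------------- /tests/setup-controller.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Bootstrap for the lab "controller" VM (yum-based host): sets the hostname,
# pins DNS resolution, serves DHCP/DNS on the lab segment with dnsmasq, turns
# on the rsyslog network listeners, opens the matching firewalld services and
# installs Ansible plus a copy of the lab repository.
# Writes under /etc and /root, so it has to run as root. There is no
# "set -e": a failing step is not fatal and the script carries on.

echo "start: $(date)" >> /root/setup.log
hostnamectl set-hostname controller

# Replace systemd-resolved with a static resolv.conf: the local dnsmasq
# first, 1.1.1.1 as the fallback resolver.
systemctl disable systemd-resolved
systemctl stop systemd-resolved
# A previous run leaves the file immutable; clear the flag first so the
# rewrite below also works on a second run.
chattr -i /etc/resolv.conf 2>/dev/null || true
rm -f /etc/resolv.conf
echo "nameserver 127.0.0.1" > /etc/resolv.conf
echo "nameserver 1.1.1.1" >> /etc/resolv.conf
# Immutable, so DHCP clients and NetworkManager cannot overwrite it.
chattr +i /etc/resolv.conf

yum -y install dnsmasq
systemctl enable dnsmasq
# The loopback device on Linux is "lo" (the original "lo0" names no interface).
# dhcp-option=3 with no value makes dnsmasq send no default router, so lab
# nodes get an address on this segment but no route through the controller.
# 11.12.13.0/24 is not RFC 1918 space; that is only acceptable while the
# segment stays isolated from routed networks.
cat << EOF > /etc/dnsmasq.conf
interface=lo
interface=eth0
dhcp-range=11.12.13.100,11.12.13.150,255.255.255.0,512h
dhcp-option=3
EOF

# Uncomment the legacy-format rsyslog listeners (UDP and TCP 514). They accept
# unauthenticated, unencrypted messages on every address of the host.
# NOTE(review): if rsyslog.conf uses the module(load=...) syntax instead,
# these patterns match nothing and no listener is enabled - verify after the run.
sed -i 's/^#\$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf
sed -i 's/^#\$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf
sed -i 's/^#\$ModLoad imtcp/$ModLoad imtcp/g' /etc/rsyslog.conf
sed -i 's/^#\$InputTCPServerRun 514/$InputTCPServerRun 514/g' /etc/rsyslog.conf
systemctl restart rsyslog

# No --zone is given, so the services are opened in the default zone, i.e. on
# every interface assigned to it, not only on the lab-facing eth0.
# NOTE(review): the predefined "syslog" service is expected to cover 514/udp
# only; check with "firewall-cmd --info-service syslog" whether the TCP
# listener enabled above is reachable at all.
firewall-cmd --permanent --add-service dhcp
firewall-cmd --permanent --add-service dns
firewall-cmd --permanent --add-service syslog
firewall-cmd --reload
systemctl start dnsmasq

# sshpass is installed because the lab inventories log in with a password
# (ansible_ssh_pass), which then passes through the controller in clear text.
yum -y install python3-pip sshpass python3-paramiko python3-netaddr python3-ansible-lint ansible git
# Clones the tip of the default branch into the current directory, as root.
# For a reproducible controller, pin a reviewed ref instead, e.g.
#   git clone --branch <TAG> https://github.com/goffinet/ansible-ccna-lab
git clone https://github.com/goffinet/ansible-ccna-lab
echo "end: $(date)" >> /root/setup.log
-------------------------------------------------------------------------------- /inventories/bipod/host_vars/R1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R1 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "LAN R1" 6 | ipv4_address: 192.168.1.1/24 7 | ipv6_addresses: 8 | - 'FE80::1' 9 | - '2001:DB8:1AB:1::1/64' 10 | passive: 11 | rip: 12 | - id: GigabitEthernet0/1 13 | description: "Internet connexion ip nat outside" 14 | ipv4_address: dhcp 15 | - id: GigabitEthernet0/2 16 | description: "Link to R2" 17 | ipv4_address: 192.168.3.1/24 18 | ipv6_addresses: 19 | - 'FE80::1' 20 | static: 21 | - destination: 192.168.2.0/24 22 | next_hop: 192.168.3.2 23 | ad: 200 24 | state: present 25 | - destination: '2001:DB8:1AB:2::/64' 26 | next_hop: 'FE80::2' 27 | ad: 200 28 | state: present 29 | rip: 30 | routing: 31 | rid: 1.1.1.1 32 | eigrp_as: 1 33 | dhcp: 34 | dhcp_pool: 35 | - id: "LANR1" 36 | network: 192.168.1.0 37 | netmask: 255.255.255.0 38 | router: 192.168.1.1 39 | dns: 192.168.1.1 40 | dhcp_excluded: 41 | - start: 192.168.1.1 42 | end: 192.168.1.100 43 | nat: 44 | name: "LANS" 45 | inside: 46 | - GigabitEthernet0/0 47 | - GigabitEthernet0/2 48 | outside: GigabitEthernet0/1 49 | sources: 50 | - "192.168.1.0 0.0.0.255" 51 | - "192.168.2.0 0.0.1.255" 52 | -------------------------------------------------------------------------------- /inventories/custom/osseclab/templates/openwrt_config.j2: -------------------------------------------------------------------------------- 1 | passwd {{ ansible_ssh_pass }} 2 | uci set network.lan2=interface 3 | uci set network.lan2.type='bridge' 4 | uci set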
network.lan2.ifname='eth2' 5 | uci set network.lan2.proto='static' 6 | uci set network.lan2.ipaddr='192.168.2.1' 7 | uci set network.lan2.netmask='255.255.255.0' 8 | uci set network.lan2.ip6assign='60' 9 | uci set network.management=interface 10 | uci set network.management.type='bridge' 11 | uci set network.management.ifname='eth3' 12 | uci set network.management.proto='dhcp' 13 | uci commit network 14 | /etc/init.d/network restart 15 | uci set dhcp.lan.domain='{{ domain }}' 16 | uci set dhcp.lan2.domain='{{ domain }}' 17 | uci set dhcp.lan2=dhcp 18 | uci set dhcp.lan2.interface='lan2' 19 | uci set dhcp.lan2.start='100' 20 | uci set dhcp.lan2.limit='150' 21 | uci set dhcp.lan2.leasetime='12h' 22 | uci set dhcp.lan2.dhcpv6='server' 23 | uci set dhcp.lan2.ra='server' 24 | uci commit dhcp 25 | /etc/init.d/odhcpd restart 26 | uci set firewall.@zone[0].network="$(uci get firewall.@zone[0].network) lan2" 27 | uci commit firewall 28 | /etc/init.d/firewall restart 29 | uci set system.@system[0].hostname="{{ hostname }}" 30 | uci commit system 31 | echo $(uci get system.@system[0].hostname) > /proc/sys/kernel/hostname 32 | /etc/init.d/dnsmasq reload 33 | opkg update && opkg install python3 openssh-sftp-server 34 | -------------------------------------------------------------------------------- /inventories/custom/osseclab_minimal/templates/openwrt_config.j2: --------------------------------------------------------------------------------
{#
  First-boot commands for the OpenWrt gateway of the osseclab_minimal lab.
  Defines a static "lan2" interface (192.168.2.1/24 on eth2) and a DHCP-client
  "management" interface (eth3), enables DHCPv4/DHCPv6/RA on lan2, appends lan2
  to the first firewall zone, sets the hostname and installs python3 and the
  SFTP server.
  Variables read: ansible_ssh_pass, domain, hostname.
  The rendered text contains the SSH password in clear; treat the generated
  file as a secret.
#}
{# NOTE(review): BusyBox passwd takes an account name as its positional
   argument, not the new password, so whether this line sets the password
   depends on how the rendered text is fed to the node - confirm. #}
passwd {{ ansible_ssh_pass }}
uci set network.lan2=interface
uci set network.lan2.type='bridge'
uci set network.lan2.ifname='eth2'
uci set network.lan2.proto='static'
uci set network.lan2.ipaddr='192.168.2.1'
uci set network.lan2.netmask='255.255.255.0'
uci set network.lan2.ip6assign='60'
uci set network.management=interface
uci set network.management.type='bridge'
uci set network.management.ifname='eth3'
uci set network.management.proto='dhcp'
uci commit network
/etc/init.d/network restart
uci set dhcp.lan.domain='{{ domain }}'
{# NOTE(review): this option is set before the dhcp.lan2 section is created on
   the following line - check that it is not rejected or lost. #}
uci set dhcp.lan2.domain='{{ domain }}'
uci set dhcp.lan2=dhcp
uci set dhcp.lan2.interface='lan2'
uci set dhcp.lan2.start='100'
uci set dhcp.lan2.limit='150'
uci set dhcp.lan2.leasetime='12h'
uci set dhcp.lan2.dhcpv6='server'
uci set dhcp.lan2.ra='server'
uci commit dhcp
/etc/init.d/odhcpd restart
{# Appends lan2 to the network list of firewall zone index 0, so lan2 inherits
   that zone's policy. Which zone sits at index 0 depends on the image's
   firewall config (presumably "lan") - confirm. The "management" interface is
   not added to any zone in this template. #}
uci set firewall.@zone[0].network="$(uci get firewall.@zone[0].network) lan2"
uci commit firewall
/etc/init.d/firewall restart
uci set system.@system[0].hostname="{{ hostname }}"
uci commit system
echo $(uci get system.@system[0].hostname) > /proc/sys/kernel/hostname
/etc/init.d/dnsmasq reload
{# Packages are fetched from whatever feeds the image has configured, at
   provisioning time; the node needs upstream connectivity for this step. #}
opkg update && opkg install python3 openssh-sftp-server
-------------------------------------------------------------------------------- /inventories/tripod/host_vars/R2: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R2 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "LAN R2" 6 | ipv4_address: 192.168.33.1/24 7 | passive: 8 | rip: 9 | eigrp4: 10 | ospfv2: 11 | area: 0 12 | cost: 1 13 | pri: 255 14 | ipv6_addresses: 15 | - 'FE80::2' 16 | - 'FD00:FD00:FD00:2::1/64' 17 | eigrp6: 18 | ospfv3: 19 | area: 0 20 | cost: 1 21 | pri: 255 22 | - id: GigabitEthernet0/1 23 | description: "Link to R1" 24 | ipv4_address: 192.168.225.2/24 25 | rip: 26 | eigrp4: 27 | ospfv2: 28 | area: 0 29 | cost: 1 30 | pri: 255 31 | ipv6_addresses: 32 | - 'FE80::2' 33 | eigrp6: 34 | ospfv3: 35 | area: 0 36 | cost: 1 37 | pri: 255 38 | - id: GigabitEthernet0/3 39 | description: "Link to R3" 40 | ipv4_address: 192.168.227.1/24 41 | rip: 42 | eigrp4: 43 | ospfv2: 44 | area: 0 45 | cost: 1 46 | pri: 255 47 | ipv6_addresses: 48 | - 'FE80::2' 49 | eigrp6: 50 | ospfv3: 51 | area: 0 52 | cost: 1 53 | pri: 255 54 | routing: 55 | rid: 2.2.2.2 56 | eigrp_as: 1 57 | dhcp: 58 | dhcp_pool: 59
| - id: "LANR2" 60 | network: 192.168.33.0 61 | netmask: 255.255.255.0 62 | router: 192.168.33.1 63 | dns: 192.168.33.1 64 | -------------------------------------------------------------------------------- /inventories/tripod/host_vars/R3: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R3 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "LAN R3" 6 | ipv4_address: 192.168.65.1/24 7 | passive: 8 | rip: 9 | eigrp4: 10 | ospfv2: 11 | area: 0 12 | cost: 1 13 | pri: 255 14 | ipv6_addresses: 15 | - 'FE80::3' 16 | - 'FD00:FD00:FD00:3::1/64' 17 | eigrp6: 18 | ospfv3: 19 | area: 0 20 | cost: 1 21 | pri: 255 22 | - id: GigabitEthernet0/1 23 | description: "Link to R1" 24 | ipv4_address: 192.168.226.2/24 25 | rip: 26 | eigrp4: 27 | ospfv2: 28 | area: 0 29 | cost: 1 30 | pri: 255 31 | ipv6_addresses: 32 | - 'FE80::3' 33 | eigrp6: 34 | ospfv3: 35 | area: 0 36 | cost: 1 37 | pri: 255 38 | - id: GigabitEthernet0/2 39 | description: "Link to R2" 40 | ipv4_address: 192.168.227.2/24 41 | rip: 42 | eigrp4: 43 | ospfv2: 44 | area: 0 45 | cost: 1 46 | pri: 255 47 | ipv6_addresses: 48 | - 'FE80::3' 49 | eigrp6: 50 | ospfv3: 51 | area: 0 52 | cost: 1 53 | pri: 255 54 | routing: 55 | rid: 3.3.3.3 56 | eigrp_as: 1 57 | dhcp: 58 | dhcp_pool: 59 | - id: "LANR3" 60 | network: 192.168.65.0 61 | netmask: 255.255.255.0 62 | router: 192.168.65.1 63 | dns: 192.168.65.1 64 | -------------------------------------------------------------------------------- /inventories/custom/ospf_multiarea/host_vars/R2: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R2 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "LAN R2" 6 | ipv4_address: 192.168.33.1/24 7 | passive: 8 | rip: 9 | eigrp4: 10 | ospfv2: 11 | area: 0 12 | cost: 1 13 | pri: 255 14 | ipv6_addresses: 15 | - 'FE80::2' 16 | - 'FD00:FD00:FD00:2::1/64' 17 | eigrp6: 18 | ospfv3: 19 | area: 0 20 | cost: 1 21 | pri: 255 22 
| - id: GigabitEthernet0/1 23 | description: "Link to R1" 24 | ipv4_address: 192.168.225.2/24 25 | rip: 26 | eigrp4: 27 | ospfv2: 28 | area: 0 29 | cost: 1 30 | pri: 255 31 | ipv6_addresses: 32 | - 'FE80::2' 33 | eigrp6: 34 | ospfv3: 35 | area: 0 36 | cost: 1 37 | pri: 255 38 | - id: GigabitEthernet0/3 39 | description: "Link to R3" 40 | ipv4_address: 192.168.227.1/24 41 | rip: 42 | eigrp4: 43 | ospfv2: 44 | area: 0 45 | cost: 1 46 | pri: 255 47 | ipv6_addresses: 48 | - 'FE80::2' 49 | eigrp6: 50 | ospfv3: 51 | area: 0 52 | cost: 1 53 | pri: 255 54 | routing: 55 | rid: 2.2.2.2 56 | eigrp_as: 1 57 | dhcp: 58 | dhcp_pool: 59 | - id: "LANR2" 60 | network: 192.168.33.0 61 | netmask: 255.255.255.0 62 | router: 192.168.33.1 63 | dns: 192.168.33.1 64 | -------------------------------------------------------------------------------- /inventories/custom/ospf_multiarea/host_vars/R3: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R3 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "LAN R3" 6 | ipv4_address: 192.168.65.1/24 7 | passive: 8 | rip: 9 | eigrp4: 10 | ospfv2: 11 | area: 0 12 | cost: 1 13 | pri: 255 14 | ipv6_addresses: 15 | - 'FE80::3' 16 | - 'FD00:FD00:FD00:3::1/64' 17 | eigrp6: 18 | ospfv3: 19 | area: 0 20 | cost: 1 21 | pri: 255 22 | - id: GigabitEthernet0/1 23 | description: "Link to R1" 24 | ipv4_address: 192.168.226.2/24 25 | rip: 26 | eigrp4: 27 | ospfv2: 28 | area: 0 29 | cost: 1 30 | pri: 255 31 | ipv6_addresses: 32 | - 'FE80::3' 33 | eigrp6: 34 | ospfv3: 35 | area: 0 36 | cost: 1 37 | pri: 255 38 | - id: GigabitEthernet0/2 39 | description: "Link to R2" 40 | ipv4_address: 192.168.227.2/24 41 | rip: 42 | eigrp4: 43 | ospfv2: 44 | area: 0 45 | cost: 1 46 | pri: 255 47 | ipv6_addresses: 48 | - 'FE80::3' 49 | eigrp6: 50 | ospfv3: 51 | area: 0 52 | cost: 1 53 | pri: 255 54 | routing: 55 | rid: 3.3.3.3 56 | eigrp_as: 1 57 | dhcp: 58 | dhcp_pool: 59 | - id: "LANR3" 60 | network: 192.168.65.0 61 | 
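netmask: 255.255.255.0 62 | router: 192.168.65.1 63 | dns: 192.168.65.1 64 | -------------------------------------------------------------------------------- /roles/ios_ipv4/tasks/configure_ipv4_addresses.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: configure ipv4 addresses 3 | ios_l3_interfaces: 4 | config: 5 | - name: "{{ item.id }}" 6 | ipv4: 7 | - address: "{{ item.ipv4_address | ipaddr('host/prefix') }}" 8 | loop: "{{ interfaces }}" 9 | when: 10 | - item.id is defined 11 | - item.trunk.vlan is undefined 12 | - item.ipv4_address is defined 13 | - item.ipv4_address | ipv4 14 | failed_when: 15 | - not item.ipv4_address | ipaddr('host/prefix') 16 | - name: configure ipv4 addresses on a trunk 17 | ios_config: 18 | defaults: no 19 | parents: interface {{ item.id }} 20 | lines: 21 | - ip address {{ item.ipv4_address | ipaddr('address') }} {{ item.ipv4_address | ipaddr('netmask') }} 22 | loop: "{{ interfaces | selectattr('trunk', 'defined') | list }}" 23 | when: 24 | - item.id is defined 25 | - item.trunk.vlan is defined 26 | - item.ipv4_address is defined 27 | - item.ipv4_address | ipv4 28 | failed_when: 29 | - not item.ipv4_address | ipaddr('host/prefix') 30 | - name: configure ipv4 addresses as dhcp client 31 | ios_l3_interfaces: 32 | config: 33 | - name: "{{ item.id }}" 34 | ipv4: 35 | - address: "dhcp" 36 | loop: "{{ interfaces }}" 37 | when: 38 | - item.id is defined 39 | - item.ipv4_address is defined 40 | - item.ipv4_address == 'dhcp' 41 | -------------------------------------------------------------------------------- /tests/almalinux9-controller.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Bootstrap for the lab "controller" VM on AlmaLinux 9: sets the hostname,
# takes DNS handling away from NetworkManager, serves DHCP/DNS on the lab
# segment with dnsmasq, gives eth0 a static address, turns on the rsyslog
# network listeners and opens the matching firewalld services.
# Writes under /etc and /root, so it has to run as root. There is no
# "set -e": a failing step is not fatal and the script carries on.

echo "start: $(date)" >> /root/setup.log
hostnamectl set-hostname controller

# dns=none stops NetworkManager from managing resolv.conf; the file is then
# written by hand: the local dnsmasq first, 1.1.1.1 as the fallback resolver.
echo -e "[main]\ndns=none" > /etc/NetworkManager/conf.d/90-dns-none.conf
systemctl reload NetworkManager
# A previous run leaves the file immutable; clear the flag first so the
# rewrite below also works on a second run.
chattr -i /etc/resolv.conf 2>/dev/null || true
rm -f /etc/resolv.conf
echo "nameserver 127.0.0.1" > /etc/resolv.conf
echo "nameserver 1.1.1.1" >> /etc/resolv.conf
# Immutable, so nothing else on the host can overwrite it.
chattr +i /etc/resolv.conf

dnf -y install dnsmasq
systemctl enable dnsmasq
# The loopback device on Linux is "lo" (the original "lo0" names no interface).
# dhcp-option=3 with no value makes dnsmasq send no default router, so lab
# nodes get an address on this segment but no route through the controller.
# 11.12.13.0/24 is not RFC 1918 space; that is only acceptable while the
# segment stays isolated from routed networks.
cat << EOF > /etc/dnsmasq.conf
interface=lo
interface=eth0
dhcp-range=11.12.13.100,11.12.13.150,255.255.255.0,512h
dhcp-option=3
EOF

# Static address for the lab-facing interface.
# NOTE(review): nothing in this script re-reads the connection after the file
# is written; confirm the address is applied (reboot or connection reload)
# before dnsmasq is expected to serve eth0.
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPADDR=11.12.13.1
PREFIX=24
IPV4_FAILURE_FATAL=no
DNS1=127.0.0.1
EOF

# Uncomment the legacy-format rsyslog listeners (UDP and TCP 514). They accept
# unauthenticated, unencrypted messages on every address of the host.
# NOTE(review): if rsyslog.conf uses the module(load=...) syntax instead,
# these patterns match nothing and no listener is enabled - verify after the run.
sed -i 's/^#\$ModLoad imudp/$ModLoad imudp/g' /etc/rsyslog.conf
sed -i 's/^#\$UDPServerRun 514/$UDPServerRun 514/g' /etc/rsyslog.conf
sed -i 's/^#\$ModLoad imtcp/$ModLoad imtcp/g' /etc/rsyslog.conf
sed -i 's/^#\$InputTCPServerRun 514/$InputTCPServerRun 514/g' /etc/rsyslog.conf
systemctl restart rsyslog

# No --zone is given, so the services are opened in the default zone, i.e. on
# every interface assigned to it, not only on the lab-facing eth0.
# NOTE(review): the predefined "syslog" service is expected to cover 514/udp
# only; check with "firewall-cmd --info-service syslog" whether the TCP
# listener enabled above is reachable at all.
firewall-cmd --permanent --add-service dhcp
firewall-cmd --permanent --add-service dns
firewall-cmd --permanent --add-service syslog
firewall-cmd --reload
systemctl start dnsmasq
echo "end: $(date)" >> /root/setup.log
-------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- 1 | ### requried 2 | # this can be a company/brand or product namespace under which all content lives 3 | namespace: goffinet 4 | # the designation of this specific collection 5 | name: ansible-ccna-lab 6 | # semantic versioning compliant version designation 7 | version: 0 8 | # a list of the collection's content authors: 'Full Name (http://site) @nicks:irc/im/site#channel' 9 | authors: 10 | - "goffinet (https://cisco.goffinet.org)" 11 | readme: "README.md" 12 | ### optional but strongly advised 13 | # short summary of the collection 14 | description: CCNA Labs ported on Ansible - for education purpose only - IOSv and IOSvL2 support only 15 | # a valid SPDX license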
identifier https://spdx.org/licenses/ 16 | license: 17 | - "MIT" 18 | # list of keywords you want to associate the collection with for indexing/search systems 19 | tags: 20 | - cisco 21 | - iosv 22 | - ccna 23 | - gns3 24 | # list of dependencies, other collections this collection requires to be installed for it to be usable 25 | dependencies: 26 | 27 | ### urls 28 | # url of originating SCM repository 29 | repository: "https://github.com/goffinet/ansible-ccna-lab" 30 | # url to online docs 31 | documentation: "https://goffinet.github.io/ansible-ccna-lab/" 32 | # homepage of the collection/project 33 | homepage: "https://goffinet.github.io/ansible-ccna-lab/" 34 | # issue tracker url 35 | issues: "https://github.com/goffinet/ansible-ccna-lab/issues" 36 | -------------------------------------------------------------------------------- /roles/ios_role/README.md: -------------------------------------------------------------------------------- 1 | Role Name 2 | ========= 3 | 4 | A brief description of the role goes here. 5 | 6 | Requirements 7 | ------------ 8 | 9 | Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. 10 | 11 | Role Variables 12 | -------------- 13 | 14 | A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. 15 | 16 | Dependencies 17 | ------------ 18 | 19 | A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. 
20 | 21 | Example Playbook 22 | ---------------- 23 | 24 | Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: 25 | 26 | - hosts: servers 27 | roles: 28 | - { role: username.rolename, x: 42 } 29 | 30 | License 31 | ------- 32 | 33 | BSD 34 | 35 | Author Information 36 | ------------------ 37 | 38 | An optional section for the role authors to include contact information, or a website (HTML is not allowed). 39 | -------------------------------------------------------------------------------- /inventories/custom/ospf_multiarea/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "{{ inventory_dir }}/templates/iosv_default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "ospf_multiarea_lab" 7 | gns3_nodes_spec: 8 | - name: "R1" 9 | template: "Cisco IOSv 15.7(3)M3" 10 | x: 0 11 | y: 0 12 | - name: "R2" 13 | template: "Cisco IOSv 15.7(3)M3" 14 | x: -75 15 | y: 100 16 | - name: "R3" 17 | template: "Cisco IOSv 15.7(3)M3" 18 | x: 150 19 | y: 0 20 | - name: "S1" 21 | template: "Ethernet switch" 22 | x: -100 23 | y: 15 24 | - name: "S2" 25 | template: "Ethernet switch" 26 | x: -200 27 | y: 115 28 | - name: "S3" 29 | template: "Ethernet switch" 30 | x: 70 31 | y: 100 32 | - name: "nat0" 33 | template: "NAT" 34 | x: 250 35 | y: 0 36 | - name: "PC1" 37 | template: "VPCS" 38 | x: -200 39 | y: 0 40 | - name: "PC2" 41 | template: "VPCS" 42 | x: -200 43 | y: 175 44 | - name: "PC3" 45 | template: "VPCS" 46 | x: 70 47 | y: 175 48 | gns3_links_spec: 49 | - ["R1", "Gi0/2", "R2", "Gi0/1"] 50 | - ["R1", "Gi0/3", "R3", "Gi0/1"] 51 | - ["R3", "Gi0/3", "nat0", "nat0"] 52 | - ["R1", "Gi0/0", "S1", "Ethernet0"] 53 | - ["S1", "Ethernet1", "PC1", "Ethernet0"] 54 | - ["R2", "Gi0/0", "S2", "Ethernet0"] 55 | - ["S2", "Ethernet1", "PC2", "Ethernet0"] 56 | - 
["R3", "Gi0/0", "S3", "Ethernet0"] 57 | - ["S3", "Ethernet1", "PC3", "Ethernet0"] 58 | -------------------------------------------------------------------------------- /inventories/custom/osseclab_minimal/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "{{ inventory_dir }}/templates/default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "osseclab" 7 | gns3_nodes_spec: 8 | - name: "NAT" 9 | template: "NAT" 10 | x: 100 11 | y: -200 12 | - name: "gateway" 13 | template: "gateway" 14 | x: 0 15 | y: -200 16 | - name: "lan1" 17 | template: "Ethernet switch" 18 | x: -200 19 | y: -50 20 | - name: "srv1" 21 | template: "linux-server" 22 | x: -100 23 | y: 50 24 | - name: "lan2" 25 | template: "Ethernet switch" 26 | x: 200 27 | y: -50 28 | - name: "srv2" 29 | template: "linux-server" 30 | x: 300 31 | y: 50 32 | - name: "management" 33 | template: "Ethernet switch" 34 | x: 0 35 | y: 200 36 | - name: "controller" 37 | template: "controller" 38 | x: -100 39 | y: 250 40 | - name: "natctrl" 41 | template: "NAT" 42 | x: -350 43 | y: 250 44 | gns3_links_spec: 45 | - ["gateway", "Ethernet1", "NAT", "nat0"] 46 | - ["gateway", "Ethernet0", "lan1", "Ethernet0"] 47 | - ["gateway", "Ethernet2", "lan2", "Ethernet0"] 48 | - ["lan1", "Ethernet2", "srv1", "Ethernet0"] 49 | - ["lan2", "Ethernet2", "srv2", "Ethernet0"] 50 | - ["natctrl", "nat0", "controller", "Ethernet1"] 51 | - ["management", "Ethernet0", "controller", "Ethernet0"] 52 | - ["management", "Ethernet2", "srv1", "Ethernet1"] 53 | - ["management", "Ethernet4", "srv2", "Ethernet1"] 54 | - ["management", "Ethernet5", "gateway", "Ethernet3"] 55 | -------------------------------------------------------------------------------- /inventories/custom/smalllan/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | 
template: "{{ inventory_dir }}/templates/default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "smalllan" 7 | gns3_nodes_spec: 8 | - name: "management0" 9 | template: "Ethernet switch" 10 | x: 0 11 | y: 200 12 | - name: "controller" 13 | template: "controller" 14 | x: 0 15 | y: 300 16 | - name: "natctrl" 17 | template: "NAT" 18 | x: -200 19 | y: 300 20 | - name: "Internet" 21 | template: "NAT" 22 | x: -50 23 | y: -200 24 | - name: "lan0" 25 | template: "Ethernet switch" 26 | x: 0 27 | y: -50 28 | - name: "pc1" 29 | template: "linux-server" 30 | x: -200 31 | y: 50 32 | - name: "pc2" 33 | template: "linux-server" 34 | x: -75 35 | y: 50 36 | - name: "pc3" 37 | template: "linux-server" 38 | x: 75 39 | y: 50 40 | - name: "pc4" 41 | template: "linux-server" 42 | x: 200 43 | y: 50 44 | gns3_links_spec: 45 | - ["lan0", "Ethernet0", "Internet", "nat0"] 46 | - ["lan0", "Ethernet1", "pc1", "Ethernet0"] 47 | - ["lan0", "Ethernet2", "pc2", "Ethernet0"] 48 | - ["lan0", "Ethernet3", "pc3", "Ethernet0"] 49 | - ["lan0", "Ethernet4", "pc4", "Ethernet0"] 50 | - ["natctrl", "nat0", "controller", "Ethernet1"] 51 | - ["management0", "Ethernet0", "controller", "Ethernet0"] 52 | - ["management0", "Ethernet1", "pc1", "Ethernet1"] 53 | - ["management0", "Ethernet2", "pc2", "Ethernet1"] 54 | - ["management0", "Ethernet3", "pc3", "Ethernet1"] 55 | - ["management0", "Ethernet4", "pc4", "Ethernet1"] 56 | -------------------------------------------------------------------------------- /inventories/router_on_a_stick/host_vars/R1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R1 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "Trunk LAN R1" 6 | trunk: 7 | - id: GigabitEthernet0/0.1 8 | description: "VLAN 10 DATA to SW0" 9 | trunk: 10 | vlan: 10 11 | ipv4_address: 192.168.10.254/24 12 | - id: GigabitEthernet0/0.2 13 | 
description: "VLAN 20 VOICE to SW0" 14 | trunk: 15 | vlan: 20 16 | ipv4_address: 192.168.20.254/24 17 | - id: GigabitEthernet0/0.3 18 | description: "VLAN 99 MANAGEMENT to SW0" 19 | trunk: 20 | vlan: 99 21 | ipv4_address: 192.168.1.254/24 22 | - id: GigabitEthernet0/0.4 23 | description: "VLAN 100 native to SW0" 24 | trunk: 25 | native: 100 26 | - id: GigabitEthernet0/1 27 | description: "Internet connexion ip nat outside" 28 | ipv4_address: dhcp 29 | dhcp: # DHCP service data for this router: one pool per user VLAN plus the ranges kept out of the pools 30 | dhcp_pool: 31 | - id: "VLAN10" 32 | network: 192.168.10.0 33 | netmask: 255.255.255.0 34 | router: 192.168.10.254 35 | dns: 192.168.10.254 36 | - id: "VLAN20" 37 | network: 192.168.20.0 38 | netmask: 255.255.255.0 39 | router: 192.168.20.254 40 | dns: 192.168.20.254 41 | dhcp_excluded: # .1 to .100 of each VLAN are excluded from dynamic allocation 42 | - start: 192.168.10.1 43 | end: 192.168.10.100 44 | - start: 192.168.20.1 45 | end: 192.168.20.100 46 | nat: # inside = the three VLAN sub-interfaces, outside = the DHCP-addressed uplink 47 | name: "LANS" 48 | inside: 49 | - GigabitEthernet0/0.1 50 | - GigabitEthernet0/0.2 51 | - GigabitEthernet0/0.3 52 | outside: GigabitEthernet0/1 53 | sources: # "network wildcard-mask" pairs; presumably rendered into the NAT source ACL - confirm in the ios_nat44 role 54 | - "192.168.1.0 0.0.0.255" 55 | - "192.168.10.0 0.0.0.255" 56 | - "192.168.20.0 0.0.1.255" # NOTE(review): wildcard 0.0.1.255 also matches 192.168.21.0/24, while VLAN 20 above is a /24; 0.0.0.255 may have been intended - confirm 57 | rdnss: 58 | name_server: 1.1.1.1 59 | -------------------------------------------------------------------------------- /docs/_posts/0001-01-01-objectifs.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: single 3 | title: "Objectifs du projet Ansible CCNA Lab" 4 | permalink: /objectifs/ 5 | excerpt: "Le but du projet est **uniquement pédagogique** visant à lier les compétences de gestion du réseau du CCNA/CCNP avec un outil IaC (\"Infrastructure as Code\") de gestion des configurations (\"Configuration Management\") comme Ansible et un gestionnaire de source (\"Source Control Management\") comme Git/Github. Le projet tente de répondre à la question suivante : Comment porter les labs de formation d'infrastructure IT (Cisco) sous forme de code ?" 
6 | tags: 7 | - tutoriel 8 | sidebar: 9 | nav: "menu" 10 | date: 2020-05-23 11 | --- 12 | 13 | ## Objectif pédagogique 14 | 15 | Le but du projet est **uniquement pédagogique** visant à lier les compétences de gestion du réseau du CCNA/CCNP avec un outil IaC ("Infrastructure as Code") de gestion des configurations ("Configuration Management") comme Ansible et un gestionnaire de source ("Source Control Management") comme Git/Github. Il est utilisé dans les classes de formation Cisco. 16 | 17 | ## As Code 18 | 19 | Le projet tente de répondre à la question suivante : Comment porter les labs de formation d'infrastructure IT (Cisco) sous forme de code ? 20 | 21 | ## Facilités 22 | 23 | Il s'agit aussi pour le formateur et pour les stagiaires d'avoir sous la main un outil souple pour créer et gérer des scénarios de labs qui demandent une préconfiguration ou des changements de configuration (afin de créer des erreurs à corriger manuellement par exemple, développer des projets plus complexes, observer des situations, compléter des configurations, mettre en place des modifications, etc.). 
24 | -------------------------------------------------------------------------------- /inventories/router_on_a_stick/host_vars/SW0: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: SW0 3 | interfaces: 4 | - id: Vlan99 5 | description: "Management real gateway" 6 | ipv4_address: 192.168.1.1/24 7 | - id: GigabitEthernet0/0 8 | description: "Stub interface" 9 | stub: true 10 | - id: GigabitEthernet0/1 11 | description: "Trunk to SW1" 12 | trunk: 13 | native: 100 14 | - id: GigabitEthernet0/2 15 | description: "Trunk to R1" 16 | trunk: 17 | native: 100 18 | - id: GigabitEthernet0/3 19 | description: "Stub interface" 20 | stub: true 21 | - id: GigabitEthernet1/0 22 | description: "VLAN10 access port" 23 | access: 24 | vlan: 10 25 | - id: GigabitEthernet1/1 26 | description: "VLAN10 access port" 27 | access: 28 | vlan: 10 29 | - id: GigabitEthernet1/2 30 | description: "VLAN10 access port" 31 | access: 32 | vlan: 10 33 | - id: GigabitEthernet1/3 34 | description: "VLAN10 access port" 35 | access: 36 | vlan: 10 37 | - id: GigabitEthernet2/0 38 | description: "VLAN20 access port" 39 | access: 40 | vlan: 20 41 | - id: GigabitEthernet2/1 42 | description: "VLAN20 access port" 43 | access: 44 | vlan: 20 45 | - id: GigabitEthernet2/2 46 | description: "VLAN20 access port" 47 | access: 48 | vlan: 20 49 | - id: GigabitEthernet2/3 50 | description: "VLAN20 access port" 51 | access: 52 | vlan: 20 53 | - id: GigabitEthernet3/0 54 | description: "Stub interface" 55 | stub: true 56 | - id: GigabitEthernet3/1 57 | description: "Stub interface" 58 | stub: true 59 | - id: GigabitEthernet3/2 60 | description: "Stub interface" 61 | stub: true 62 | -------------------------------------------------------------------------------- /inventories/router_on_a_stick/host_vars/SW1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: SW1 3 | stp: 4 | mode: rapid-pvst 5 | interfaces: 6 | - id: 
Vlan99 7 | description: "Management real gateway" 8 | ipv4_address: 192.168.1.2/24 9 | - id: GigabitEthernet0/0 10 | description: "Stub interface" 11 | stub: true 12 | - id: GigabitEthernet0/1 13 | description: "Trunk to SW0" 14 | trunk: 15 | native: 100 16 | - id: GigabitEthernet0/2 17 | description: "Stub interface" 18 | stub: true 19 | - id: GigabitEthernet0/3 20 | description: "Stub interface" 21 | stub: true 22 | - id: GigabitEthernet1/0 23 | description: "VLAN10 access port" 24 | access: 25 | vlan: 10 26 | - id: GigabitEthernet1/1 27 | description: "VLAN10 access port" 28 | access: 29 | vlan: 10 30 | - id: GigabitEthernet1/2 31 | description: "VLAN10 access port" 32 | access: 33 | vlan: 10 34 | - id: GigabitEthernet1/3 35 | description: "VLAN10 access port" 36 | access: 37 | vlan: 10 38 | - id: GigabitEthernet2/0 39 | description: "VLAN20 access port" 40 | access: 41 | vlan: 20 42 | - id: GigabitEthernet2/1 43 | description: "VLAN20 access port" 44 | access: 45 | vlan: 20 46 | - id: GigabitEthernet2/2 47 | description: "VLAN20 access port" 48 | access: 49 | vlan: 20 50 | - id: GigabitEthernet2/3 51 | description: "VLAN20 access port" 52 | access: 53 | vlan: 20 54 | - id: GigabitEthernet3/0 55 | description: "Stub interface" 56 | stub: true 57 | - id: GigabitEthernet3/1 58 | description: "Stub interface" 59 | stub: true 60 | - id: GigabitEthernet3/2 61 | description: "Stub interface" 62 | stub: true 63 | -------------------------------------------------------------------------------- /inventories/bipod/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "templates/iosv_default_config.j2" 3 | domain_name: lan 4 | ipv4: 5 | routing: 6 | - rip 7 | ipv6: 8 | enabled: yes 9 | forwarding: yes 10 | routing: 11 | eigrp_as: 1 12 | rdnss: 13 | name_server: 1.1.1.1 14 | 15 | gns3_url: "http://172.16.253.1" 16 | gns3_lab_user: "{{ ansible_user }}" 17 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 18 | 
project_name: "bipod_lab" 19 | gns3_nodes_spec: 20 | - name: "controller" 21 | template: "controller" 22 | x: 0 23 | y: -300 24 | - name: "R1" 25 | template: "Cisco IOSv 15.7(3)M3" 26 | x: -100 27 | y: -100 28 | - name: "R2" 29 | template: "Cisco IOSv 15.7(3)M3" 30 | x: 100 31 | y: -100 32 | - name: "S1" 33 | template: "Ethernet switch" 34 | x: -105 35 | y: 15 36 | - name: "S2" 37 | template: "Ethernet switch" 38 | x: 95 39 | y: 15 40 | - name: "nat0" 41 | template: "NAT" 42 | x: -300 43 | y: -100 44 | - name: "PC1" 45 | template: "VPCS" 46 | x: -100 47 | y: 100 48 | - name: "PC2" 49 | template: "VPCS" 50 | x: 100 51 | y: 100 52 | - name: "ctrl0" 53 | template: "Ethernet switch" 54 | x: -5 55 | y: -185 56 | - name: "nat1" 57 | template: "NAT" 58 | x: -300 59 | y: -300 60 | gns3_links_spec: 61 | - ["R1", "Gi0/2", "R2", "Gi0/1"] 62 | - ["R1", "Gi0/1", "nat0", "nat0"] 63 | - ["R1", "Gi0/0", "S1", "Ethernet0"] 64 | - ["S1", "Ethernet1", "PC1", "Ethernet0"] 65 | - ["R2", "Gi0/0", "S2", "Ethernet0"] 66 | - ["S2", "Ethernet1", "PC2", "Ethernet0"] 67 | - ["R1", "Gi0/7", "ctrl0", "Ethernet1"] 68 | - ["R2", "Gi0/7", "ctrl0", "Ethernet2"] 69 | - ["ctrl0", "Ethernet0", "controller", "Ethernet0"] 70 | - ["controller", "Ethernet1", "nat1", "nat0"] 71 | -------------------------------------------------------------------------------- /playbooks/demos/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters_ipaddr.html#playbooks-filters-ipaddr 3 | - name: Using ipaddr filter and check on ip address variables 4 | hosts: localhost 5 | gather_facts: False 6 | vars: 7 | routing: 8 | eigrp_as: 1 9 | interfaces: 10 | - id: GigabitEthernet0 11 | ipv4_address: 192.168.1.1/24 12 | eigrp4: 13 | ospfv2: 14 | area: 0 15 | cost: 1 16 | pri: 255 17 | eigrp6: 18 | - id: GigabitEthernet1 19 | 20 | tasks: 21 | - name: get the classfull networks for eigrp4 22 | block: 23 | - 
set_fact: 24 | ipv4a: "{{ interfaces | selectattr('eigrp4', 'defined') | map(attribute='ipv4_address') | ipaddr('address') | ipaddr('0.0.0.0/1') | map('regex_replace', '(\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b)', '\\1/8') | ipaddr('network') | list | unique }}" 25 | ipv4b: "{{ interfaces | selectattr('eigrp4', 'defined') | map(attribute='ipv4_address') | ipaddr('address') | ipaddr('128.0.0.0/2') | map('regex_replace', '(\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b)', '\\1/16') | ipaddr('network') | list | unique }}" 26 | ipv4c: "{{ interfaces | selectattr('eigrp4', 'defined') | map(attribute='ipv4_address') | ipaddr('address') | ipaddr('192.0.0.0/3') | map('regex_replace', '(\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b)', '\\1/24') | ipaddr('network') | list | unique }}" 27 | - set_fact: 28 | ipv4_classful_list: "{{ ipv4a + ipv4b + ipv4c }}" 29 | - debug: 30 | msg: "network {{ item.ipv4_address | ipaddr('network') }} {{ item.ipv4_address | ipaddr('hostmask') }} area {{ item.ospfv2.area }}" 31 | loop: "{{ interfaces | selectattr('eigrp4', 'defined') | list }}" 32 | -------------------------------------------------------------------------------- /inventories/tripod/host_vars/R1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R1 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "LAN R1" 6 | ipv4_address: 192.168.1.1/24 7 | passive: 8 | rip: 9 | eigrp4: 10 | ospfv2: 11 | area: 0 12 | cost: 1 13 | pri: 255 14 | ipv6_addresses: 15 | - 'FE80::1' 16 | - 'FD00:FD00:FD00:1::1/64' 17 | eigrp6: 18 | ospfv3: 19 | area: 0 20 | cost: 1 21 | pri: 255 22 | - id: GigabitEthernet0/1 23 | description: "Internet connexion ip nat outside" 24 | ipv4_address: dhcp 25 | - id: GigabitEthernet0/2 26 | description: "Link to R2" 27 | ipv4_address: 192.168.225.1/24 28 | rip: 29 | eigrp4: 30 | ospfv2: 31 | area: 0 32 | cost: 1 33 | pri: 255 34 | ipv6_addresses: 35 | - 'FE80::1' 36 | eigrp6: 37 | ospfv3: 38 | area: 0 39 | cost: 1 40 | pri: 255 41 | 
- id: GigabitEthernet0/3 42 | description: "Link to R3" 43 | ipv4_address: 192.168.226.1/24 44 | rip: 45 | eigrp4: 46 | ospfv2: 47 | area: 0 48 | cost: 1 49 | pri: 255 50 | ipv6_addresses: 51 | - 'FE80::1' 52 | eigrp6: 53 | ospfv3: 54 | area: 0 55 | cost: 1 56 | pri: 255 57 | routing: 58 | rid: 1.1.1.1 59 | eigrp_as: 1 60 | dhcp: 61 | dhcp_pool: 62 | - id: "LANR1" 63 | network: 192.168.1.0 64 | netmask: 255.255.255.0 65 | router: 192.168.1.1 66 | dns: 192.168.1.1 67 | dhcp_excluded: 68 | - start: 192.168.1.1 69 | end: 192.168.1.100 70 | nat: 71 | name: "LANS" 72 | inside: 73 | - GigabitEthernet0/0 74 | - GigabitEthernet0/2 75 | - GigabitEthernet0/3 76 | outside: GigabitEthernet0/1 77 | sources: 78 | - "192.168.0.0 0.0.255.255" 79 | -------------------------------------------------------------------------------- /inventories/custom/ospf_multiarea/host_vars/R1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R1 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "LAN R1" 6 | ipv4_address: 192.168.1.1/24 7 | passive: 8 | rip: 9 | eigrp4: 10 | ospfv2: 11 | area: 0 12 | cost: 1 13 | pri: 255 14 | ipv6_addresses: 15 | - 'FE80::1' 16 | - 'FD00:FD00:FD00:1::1/64' 17 | eigrp6: 18 | ospfv3: 19 | area: 0 20 | cost: 1 21 | pri: 255 22 | - id: GigabitEthernet0/1 23 | description: "Internet connexion ip nat outside" 24 | ipv4_address: dhcp 25 | - id: GigabitEthernet0/2 26 | description: "Link to R2" 27 | ipv4_address: 192.168.225.1/24 28 | rip: 29 | eigrp4: 30 | ospfv2: 31 | area: 0 32 | cost: 1 33 | pri: 255 34 | ipv6_addresses: 35 | - 'FE80::1' 36 | eigrp6: 37 | ospfv3: 38 | area: 0 39 | cost: 1 40 | pri: 255 41 | - id: GigabitEthernet0/3 42 | description: "Link to R3" 43 | ipv4_address: 192.168.226.1/24 44 | rip: 45 | eigrp4: 46 | ospfv2: 47 | area: 0 48 | cost: 1 49 | pri: 255 50 | ipv6_addresses: 51 | - 'FE80::1' 52 | eigrp6: 53 | ospfv3: 54 | area: 0 55 | cost: 1 56 | pri: 255 57 | routing: 58 | rid: 1.1.1.1 
59 | eigrp_as: 1 60 | dhcp: 61 | dhcp_pool: 62 | - id: "LANR1" 63 | network: 192.168.1.0 64 | netmask: 255.255.255.0 65 | router: 192.168.1.1 66 | dns: 192.168.1.1 67 | dhcp_excluded: 68 | - start: 192.168.1.1 69 | end: 192.168.1.100 70 | nat: 71 | name: "LANS" 72 | inside: 73 | - GigabitEthernet0/0 74 | - GigabitEthernet0/2 75 | - GigabitEthernet0/3 76 | outside: GigabitEthernet0/1 77 | sources: 78 | - "192.168.0.0 0.0.255.255" 79 | -------------------------------------------------------------------------------- /inventories/ccna/host_vars/R1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: R1 3 | interfaces: 4 | - id: GigabitEthernet0/0 5 | description: "LAN R1" 6 | ipv4_address: 192.168.1.1/24 7 | passive: 8 | rip: 9 | eigrp4: 10 | ospfv2: 11 | area: 0 12 | cost: 1 13 | pri: 255 14 | ipv6_addresses: 15 | - 'FE80::1' 16 | - 'FD00:FD00:FD00:1::1/64' 17 | eigrp6: 18 | ospfv3: 19 | area: 0 20 | cost: 1 21 | pri: 255 22 | - id: GigabitEthernet0/1 23 | description: "Internet connexion ip nat outside" 24 | ipv4_address: dhcp 25 | - id: GigabitEthernet0/2 26 | description: "Link to R2" 27 | ipv4_address: 192.168.225.1/24 28 | rip: 29 | eigrp4: 30 | ospfv2: 31 | area: 0 32 | cost: 1 33 | pri: 255 34 | ipv6_addresses: 35 | - 'FE80::1' 36 | eigrp6: 37 | ospfv3: 38 | area: 0 39 | cost: 1 40 | pri: 255 41 | - id: GigabitEthernet0/3 42 | description: "Link to R3" 43 | ipv4_address: 192.168.226.1/24 44 | rip: 45 | eigrp4: 46 | ospfv2: 47 | area: 0 48 | cost: 1 49 | pri: 255 50 | ipv6_addresses: 51 | - 'FE80::1' 52 | eigrp6: 53 | ospfv3: 54 | area: 0 55 | cost: 1 56 | pri: 255 57 | routing: 58 | rid: 1.1.1.1 59 | eigrp_as: 1 60 | dhcp: 61 | dhcp_pool: 62 | - id: "LANR1" 63 | network: 192.168.1.0 64 | netmask: 255.255.255.0 65 | router: 192.168.1.1 66 | dns: 192.168.1.1 67 | dhcp_excluded: 68 | - start: 192.168.1.1 69 | end: 192.168.1.100 70 | nat: 71 | name: "LANS" 72 | inside: 73 | - GigabitEthernet0/0 74 | - 
GigabitEthernet0/2 75 | - GigabitEthernet0/3 76 | outside: GigabitEthernet0/1 77 | sources: 78 | - "192.168.0.0 0.0.255.255" 79 | - "172.16.0.0 0.0.255.255" 80 | -------------------------------------------------------------------------------- /inventories/router_on_a_stick/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | domain_name: lan 3 | 4 | template: "templates/iosv_default_config.j2" 5 | gns3_url: "http://172.16.253.1" 6 | gns3_lab_user: "{{ ansible_user }}" 7 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 8 | project_name: "router_on_a_stick_lab" 9 | gns3_nodes_spec: 10 | - name: "controller" 11 | template: "controller" 12 | x: -200 13 | y: -265 14 | - name: "R1" 15 | template: "Cisco IOSv 15.7(3)M3" 16 | x: 0 17 | y: -200 18 | - name: "SW0" 19 | template: "Cisco IOSvL2 15.2.1" 20 | x: 0 21 | y: -100 22 | - name: "SW1" 23 | template: "Cisco IOSvL2 15.2.1" 24 | x: 0 25 | y: 0 26 | - name: "nat0" 27 | template: "NAT" 28 | x: 100 29 | y: -200 30 | - name: "PC1-VLAN10" 31 | template: "VPCS" 32 | x: -100 33 | y: -100 34 | - name: "PC1-VLAN20" 35 | template: "VPCS" 36 | x: 100 37 | y: -100 38 | - name: "PC2-VLAN10" 39 | template: "VPCS" 40 | x: -100 41 | y: 0 42 | - name: "PC2-VLAN20" 43 | template: "VPCS" 44 | x: 100 45 | y: 0 46 | - name: "ctrl0" 47 | template: "Ethernet switch" 48 | x: -100 49 | y: -250 50 | - name: "nat1" 51 | template: "NAT" 52 | x: -400 53 | y: -265 54 | gns3_links_spec: 55 | - ["R1", "Gi0/1", "nat0", "nat0"] 56 | - ["R1", "Gi0/0", "SW0", "Gi0/2"] 57 | - ["SW0", "Gi0/1", "SW1", "Gi0/1"] 58 | - ["SW0", "Gi1/0", "PC1-VLAN10", "Ethernet0"] 59 | - ["SW0", "Gi2/0", "PC1-VLAN20", "Ethernet0"] 60 | - ["SW1", "Gi1/0", "PC2-VLAN10", "Ethernet0"] 61 | - ["SW1", "Gi2/0", "PC2-VLAN20", "Ethernet0"] 62 | - ["R1", "Gi0/7", "ctrl0", "Ethernet1"] 63 | - ["SW0", "Gi3/3", "ctrl0", "Ethernet2"] 64 | - ["SW1", "Gi3/3", "ctrl0", "Ethernet3"] 65 | - ["ctrl0", "Ethernet0", "controller", "Ethernet0"] 66 | - 
["controller", "Ethernet1", "nat1", "nat0"] 67 | -------------------------------------------------------------------------------- /docs/_posts/0001-03-03-configuration-de-la-station-de-controle.md: -------------------------------------------------------------------------------- 1 | --- 2 | layout: single 3 | title: "Configuration de la station de contrôle" 4 | permalink: /mise-en-place-du-lab-sur-gns3/configuration-de-la-station-de-controle/ 5 | excerpt: "La station de contrôle a besoin d'être configurée manuellement." 6 | tags: 7 | - tutoriel 8 | sidebar: 9 | nav: "menu" 10 | date: 2020-05-24 11 | --- 12 | 13 | La station de contrôle a besoin d'être configurée manuellement. 14 | 15 | La station de contrôle se connecte à tous les périphériques en SSH. Le logiciel Ansible y est fraîchement installé (avec la bibliothèque Python `netaddr`), avec `pip` ou à partir des dépôts officiels. 16 | 17 | La station de contrôle offre un service DHCP avec un enregistrement dynamique des noms d'hôte dans un serveur DNS local (`dnsmasq`). Un serveur Rsyslog écoute sur les ports TCP 514 et UDP 514. 18 | 19 | On trouve des scripts de préparation d'une station de contrôle Centos et Ubuntu dans le dossier [tests/](https://github.com/goffinet/ansible-ccna-lab/blob/master/tests/). L'interface `eth0` contrôle les périphériques et l'interface `eth1` donne accès à l'Internet. 
20 | 21 | On peut rapidement installer un contrôleur sous Centos ; le script est d'abord enregistré dans `setup.sh`, ce qui permet de le relire avant de l'exécuter (l'URL suit la branche `master`, dont le contenu peut changer) : 22 | 23 | ```bash 24 | curl -s https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/centos-controller.sh -o setup.sh 25 | bash -x ./setup.sh 26 | ``` 27 | 28 | Si la version libre d'Ansible Tower (Ansible AWX) vous intéresse, vous pouvez l'installer via ce script (4 Go de RAM et 2 vCPU) sur une station Ubuntu : 29 | 30 | ```bash 31 | curl -s https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/ubuntu-controller.sh -o setup.sh 32 | bash -x ./setup.sh 33 | ``` 34 | 35 | Et puis : 36 | 37 | ```bash 38 | curl -s https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/awx-setup.sh -o awx-setup.sh 39 | bash -x ./awx-setup.sh 40 | ``` 41 | -------------------------------------------------------------------------------- /inventories/custom/tripod_l2/templates/iosv_default_config.j2: -------------------------------------------------------------------------------- 1 | configure terminal 2 | hostname {{ inventory_hostname }} 3 | {% if mgmt_interface is defined %} 4 | interface {{ mgmt_interface }} 5 | {% if image_style == "iosv_l2" %} 6 | no switchport 7 | {% endif %} 8 | ip address dhcp 9 | no cdp enable 10 | no shutdown 11 | {% endif %} 12 | {% if image_style == "iosv_l2" %} 13 | no ip routing 14 | vlan 10 15 | name User 16 | vlan 99 17 | name Management 18 | {% endif %} 19 | {% if inventory_hostname == "SW1" and image_style == "iosv_l2" %} 20 | interface G1/0 21 | switchport mode access 22 | switchport access vlan 10 23 | no shutdown 24 | interface range G0/2,G0/3 25 | switchport trunk encapsulation dot1q 26 | switchport mode trunk 27 | switchport trunk native vlan 99 28 | no shutdown 29 | interface vlan 99 30 | no shutdown 31 | ip address 192.168.1.11 255.255.255.0 32 | {% endif %} 33 | {% if inventory_hostname == "SW2" and image_style == "iosv_l2" %} 34 | interface range G0/1,G0/3 35 | switchport trunk encapsulation dot1q 36 | switchport mode trunk 37 
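| switchport trunk native vlan 99 38 | no shutdown 39 | interface vlan 99 40 | ip address 192.168.1.12 255.255.255.0 41 | no shutdown 42 | {% endif %} 43 | {% if inventory_hostname == "SW3" and image_style == "iosv_l2" %} 44 | interface G2/0 45 | switchport mode access 46 | switchport access vlan 10 47 | no shutdown 48 | interface range G0/1,G0/2 49 | switchport trunk encapsulation dot1q 50 | switchport mode trunk 51 | switchport trunk native vlan 99 52 | no shutdown 53 | interface vlan 99 54 | ip address 192.168.1.13 255.255.255.0 55 | no shutdown 56 | {% endif %}{# NOTE(review): the username line below creates the privilege-15 lab account with "password", which leaves the string recoverable from the device configuration; "username ... secret ..." stores a hash instead. Confirm nothing in the lab tooling depends on the "password" form before changing it. #} 57 | ip domain-name lan 58 | username {{ gns3_lab_user }} privilege 15 password {{ gns3_lab_pass }} 59 | crypto key generate rsa modulus 2048 60 | ip ssh version 2 61 | ip scp server enable 62 | line vty 0 4 63 | login local 64 | transport input ssh 65 | end 66 | write memory 67 | -------------------------------------------------------------------------------- /roles/ios_common/tasks/configure_banners.yml: -------------------------------------------------------------------------------- 1 | --- # For each banner type (login, motd, exec, incoming, slip-ppp): remove it when banners is undefined or disabled, otherwise set it from banners.<type> when that key is defined. The defined/undefined test comes first in every condition so banners.enabled is never evaluated on an undefined variable. 2 | - name: remove the login banner 3 | ios_banner: 4 | banner: login 5 | state: absent 6 | when: banners is undefined or not banners.enabled 7 | - name: set the login banner 8 | ios_banner: 9 | banner: login 10 | text: "{{ banners.login }}" 11 | state: present 12 | when: 13 | - banners is defined and banners.enabled 14 | - banners.login is defined 15 | - name: remove the motd banner 16 | ios_banner: 17 | banner: motd 18 | state: absent 19 | when: banners is undefined or not banners.enabled 20 | - name: set the motd banner 21 | ios_banner: 22 | banner: motd 23 | text: "{{ banners.motd }}" 24 | state: present 25 | when: 26 | - banners is defined and banners.enabled 27 | - banners.motd is defined 28 | - name: remove the exec banner 29 | ios_banner: 30 | banner: exec 31 | state: absent 32 | when: banners is undefined or not banners.enabled 33 | - name: set the exec banner 34 | ios_banner: 35 | banner: exec 36 | text: "{{ banners.exec }}" 37 | state: present 38 | 
when: 39 | - banners is defined and banners.enabled 40 | - banners.exec is defined 41 | - name: remove the incoming banner 42 | ios_banner: 43 | banner: incoming 44 | state: absent 45 | when: banners is undefined or not banners.enabled 46 | - name: set the incoming banner 47 | ios_banner: 48 | banner: incoming 49 | text: "{{ banners.incoming }}" 50 | state: present 51 | when: 52 | - banners is defined and banners.enabled 53 | - banners.incoming is defined 54 | - name: remove the slip-ppp banner 55 | ios_banner: 56 | banner: slip-ppp 57 | state: absent 58 | when: banners is undefined or not banners.enabled 59 | - name: set the slip-ppp banner 60 | ios_banner: 61 | banner: slip-ppp 62 | text: "{{ banners.slip_ppp }}" 63 | state: present 64 | when: 65 | - banners is defined and banners.enabled 66 | - banners.slip_ppp is defined 67 | -------------------------------------------------------------------------------- /playbooks/files/default_configs/AS1.cfg: -------------------------------------------------------------------------------- 1 | version 15.2 2 | service timestamps debug datetime msec 3 | service timestamps log datetime msec 4 | no service password-encryption 5 | service compress-config 6 | ! 7 | hostname AS1 8 | ! 9 | boot-start-marker 10 | boot-end-marker 11 | ! NOTE(review): the account below uses "password 0", so the privilege-15 password sits in cleartext in this file and in the device configuration ("no service password-encryption" is set above); "username ... secret ..." would store a hash. The AS2, DS1 and DS2 default configs carry the same line. 12 | username root privilege 15 password 0 testtest 13 | no aaa new-model 14 | ! 15 | ip domain-name lan 16 | ip cef 17 | no ipv6 cef 18 | ! 19 | spanning-tree mode pvst 20 | spanning-tree extend system-id 21 | ! 22 | interface GigabitEthernet0/0 23 | negotiation auto 24 | ! 25 | interface GigabitEthernet0/1 26 | negotiation auto 27 | ! 28 | interface GigabitEthernet0/2 29 | negotiation auto 30 | ! 31 | interface GigabitEthernet0/3 32 | negotiation auto 33 | ! 34 | interface GigabitEthernet1/0 35 | negotiation auto 36 | ! 37 | interface GigabitEthernet1/1 38 | negotiation auto 39 | ! 40 | interface GigabitEthernet1/2 41 | negotiation auto 42 | ! 43 | interface GigabitEthernet1/3 44 | negotiation auto 45 | ! 46 | interface GigabitEthernet2/0 47 | negotiation auto 48 | ! 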
49 | interface GigabitEthernet2/1 50 | negotiation auto 51 | ! 52 | interface GigabitEthernet2/2 53 | negotiation auto 54 | ! 55 | interface GigabitEthernet2/3 56 | negotiation auto 57 | ! 58 | interface GigabitEthernet3/0 59 | negotiation auto 60 | ! 61 | interface GigabitEthernet3/1 62 | negotiation auto 63 | ! 64 | interface GigabitEthernet3/2 65 | negotiation auto 66 | ! 67 | interface GigabitEthernet3/3 68 | no switchport 69 | ip address dhcp 70 | negotiation auto 71 | ! 72 | ip forward-protocol nd 73 | ! 74 | ip http server 75 | ! 76 | ip ssh version 2 77 | ip scp server enable 78 | ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr 79 | ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr 80 | ! 81 | control-plane 82 | ! 83 | line con 0 84 | line aux 0 85 | line vty 0 4 86 | login local 87 | transport input ssh 88 | ! 89 | end 90 | -------------------------------------------------------------------------------- /playbooks/files/default_configs/AS2.cfg: -------------------------------------------------------------------------------- 1 | version 15.2 2 | service timestamps debug datetime msec 3 | service timestamps log datetime msec 4 | no service password-encryption 5 | service compress-config 6 | ! 7 | hostname AS2 8 | ! 9 | boot-start-marker 10 | boot-end-marker 11 | ! 12 | username root privilege 15 password 0 testtest 13 | no aaa new-model 14 | ! 15 | ip domain-name lan 16 | ip cef 17 | no ipv6 cef 18 | ! 19 | spanning-tree mode pvst 20 | spanning-tree extend system-id 21 | ! 22 | interface GigabitEthernet0/0 23 | negotiation auto 24 | ! 25 | interface GigabitEthernet0/1 26 | negotiation auto 27 | ! 28 | interface GigabitEthernet0/2 29 | negotiation auto 30 | ! 31 | interface GigabitEthernet0/3 32 | negotiation auto 33 | ! 34 | interface GigabitEthernet1/0 35 | negotiation auto 36 | ! 37 | interface GigabitEthernet1/1 38 | negotiation auto 39 | ! 40 | interface GigabitEthernet1/2 41 | negotiation auto 42 | ! 
43 | interface GigabitEthernet1/3 44 | negotiation auto 45 | ! 46 | interface GigabitEthernet2/0 47 | negotiation auto 48 | ! 49 | interface GigabitEthernet2/1 50 | negotiation auto 51 | ! 52 | interface GigabitEthernet2/2 53 | negotiation auto 54 | ! 55 | interface GigabitEthernet2/3 56 | negotiation auto 57 | ! 58 | interface GigabitEthernet3/0 59 | negotiation auto 60 | ! 61 | interface GigabitEthernet3/1 62 | negotiation auto 63 | ! 64 | interface GigabitEthernet3/2 65 | negotiation auto 66 | ! 67 | interface GigabitEthernet3/3 68 | no switchport 69 | ip address dhcp 70 | negotiation auto 71 | ! 72 | ip forward-protocol nd 73 | ! 74 | ip http server 75 | ! 76 | ip ssh version 2 77 | ip scp server enable 78 | ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr 79 | ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr 80 | ! 81 | control-plane 82 | ! 83 | line con 0 84 | line aux 0 85 | line vty 0 4 86 | login local 87 | transport input ssh 88 | ! 89 | end 90 | -------------------------------------------------------------------------------- /playbooks/files/default_configs/DS1.cfg: -------------------------------------------------------------------------------- 1 | version 15.2 2 | service timestamps debug datetime msec 3 | service timestamps log datetime msec 4 | no service password-encryption 5 | service compress-config 6 | ! 7 | hostname DS1 8 | ! 9 | boot-start-marker 10 | boot-end-marker 11 | ! 12 | username root privilege 15 password 0 testtest 13 | no aaa new-model 14 | ! 15 | ip domain-name lan 16 | ip cef 17 | no ipv6 cef 18 | ! 19 | spanning-tree mode pvst 20 | spanning-tree extend system-id 21 | ! 22 | interface GigabitEthernet0/0 23 | negotiation auto 24 | ! 25 | interface GigabitEthernet0/1 26 | negotiation auto 27 | ! 28 | interface GigabitEthernet0/2 29 | negotiation auto 30 | ! 31 | interface GigabitEthernet0/3 32 | negotiation auto 33 | ! 34 | interface GigabitEthernet1/0 35 | negotiation auto 36 | ! 
37 | interface GigabitEthernet1/1 38 | negotiation auto 39 | ! 40 | interface GigabitEthernet1/2 41 | negotiation auto 42 | ! 43 | interface GigabitEthernet1/3 44 | negotiation auto 45 | ! 46 | interface GigabitEthernet2/0 47 | negotiation auto 48 | ! 49 | interface GigabitEthernet2/1 50 | negotiation auto 51 | ! 52 | interface GigabitEthernet2/2 53 | negotiation auto 54 | ! 55 | interface GigabitEthernet2/3 56 | negotiation auto 57 | ! 58 | interface GigabitEthernet3/0 59 | negotiation auto 60 | ! 61 | interface GigabitEthernet3/1 62 | negotiation auto 63 | ! 64 | interface GigabitEthernet3/2 65 | negotiation auto 66 | ! 67 | interface GigabitEthernet3/3 68 | no switchport 69 | ip address dhcp 70 | negotiation auto 71 | ! 72 | ip forward-protocol nd 73 | ! 74 | ip http server 75 | ! 76 | ip ssh version 2 77 | ip scp server enable 78 | ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr 79 | ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr 80 | ! 81 | control-plane 82 | ! 83 | line con 0 84 | line aux 0 85 | line vty 0 4 86 | login local 87 | transport input ssh 88 | ! 89 | end 90 | -------------------------------------------------------------------------------- /playbooks/files/default_configs/DS2.cfg: -------------------------------------------------------------------------------- 1 | version 15.2 2 | service timestamps debug datetime msec 3 | service timestamps log datetime msec 4 | no service password-encryption 5 | service compress-config 6 | ! 7 | hostname DS2 8 | ! 9 | boot-start-marker 10 | boot-end-marker 11 | ! 12 | username root privilege 15 password 0 testtest 13 | no aaa new-model 14 | ! 15 | ip domain-name lan 16 | ip cef 17 | no ipv6 cef 18 | ! 19 | spanning-tree mode pvst 20 | spanning-tree extend system-id 21 | ! 22 | interface GigabitEthernet0/0 23 | negotiation auto 24 | ! 25 | interface GigabitEthernet0/1 26 | negotiation auto 27 | ! 28 | interface GigabitEthernet0/2 29 | negotiation auto 30 | ! 
31 | interface GigabitEthernet0/3 32 | negotiation auto 33 | ! 34 | interface GigabitEthernet1/0 35 | negotiation auto 36 | ! 37 | interface GigabitEthernet1/1 38 | negotiation auto 39 | ! 40 | interface GigabitEthernet1/2 41 | negotiation auto 42 | ! 43 | interface GigabitEthernet1/3 44 | negotiation auto 45 | ! 46 | interface GigabitEthernet2/0 47 | negotiation auto 48 | ! 49 | interface GigabitEthernet2/1 50 | negotiation auto 51 | ! 52 | interface GigabitEthernet2/2 53 | negotiation auto 54 | ! 55 | interface GigabitEthernet2/3 56 | negotiation auto 57 | ! 58 | interface GigabitEthernet3/0 59 | negotiation auto 60 | ! 61 | interface GigabitEthernet3/1 62 | negotiation auto 63 | ! 64 | interface GigabitEthernet3/2 65 | negotiation auto 66 | ! 67 | interface GigabitEthernet3/3 68 | no switchport 69 | ip address dhcp 70 | negotiation auto 71 | ! 72 | ip forward-protocol nd 73 | ! 74 | ip http server 75 | ! 76 | ip ssh version 2 77 | ip scp server enable 78 | ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr 79 | ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr 80 | ! 81 | control-plane 82 | ! 83 | line con 0 84 | line aux 0 85 | line vty 0 4 86 | login local 87 | transport input ssh 88 | ! 
89 | end 90 | -------------------------------------------------------------------------------- /inventories/custom/startup_ios/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "{{ inventory_dir }}/templates/iosv_default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "startup_ios_lab" 7 | gns3_nodes_spec: 8 | - name: "GATEWAY" 9 | template: "Cisco IOSv 15.7(3)M3" 10 | x: 0 11 | y: -200 12 | - name: "SW0" 13 | template: "Cisco IOSvL2 15.2.1" 14 | x: 0 15 | y: -50 16 | - name: "NAT" 17 | template: "NAT" 18 | x: 100 19 | y: -200 20 | - name: "PC1" 21 | template: "linux-pc" 22 | x: -200 23 | y: -100 24 | - name: "PC2" 25 | template: "linux-pc" 26 | x: -200 27 | y: 0 28 | - name: "PC3" 29 | template: "linux-pc" 30 | x: -200 31 | y: 100 32 | - name: "PC4" 33 | template: "linux-pc" 34 | x: -100 35 | y: 100 36 | - name: "PC5" 37 | template: "linux-pc" 38 | x: 0 39 | y: 100 40 | - name: "PC6" 41 | template: "linux-pc" 42 | x: 100 43 | y: 100 44 | - name: "PC7" 45 | template: "linux-pc" 46 | x: 200 47 | y: 100 48 | - name: "PC8" 49 | template: "linux-pc" 50 | x: 200 51 | y: 100 52 | - name: "PC9" 53 | template: "linux-pc" 54 | x: 200 55 | y: 0 56 | - name: "PC10" 57 | template: "linux-pc" 58 | x: 200 59 | y: -100 60 | gns3_links_spec: 61 | - ["GATEWAY", "Gi0/1", "NAT", "nat0"] 62 | - ["GATEWAY", "Gi0/0", "SW0", "Gi0/0"] 63 | - ["SW0", "Gi1/0", "PC1", "Ethernet0"] 64 | - ["SW0", "Gi1/1", "PC2", "Ethernet0"] 65 | - ["SW0", "Gi1/2", "PC3", "Ethernet0"] 66 | - ["SW0", "Gi1/3", "PC4", "Ethernet0"] 67 | - ["SW0", "Gi2/0", "PC5", "Ethernet0"] 68 | - ["SW0", "Gi2/1", "PC6", "Ethernet0"] 69 | - ["SW0", "Gi2/2", "PC7", "Ethernet0"] 70 | - ["SW0", "Gi2/3", "PC8", "Ethernet0"] 71 | - ["SW0", "Gi3/0", "PC9", "Ethernet0"] 72 | - ["SW0", "Gi3/1", "PC10", "Ethernet0"] 73 | 
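--------------------------------------------------------------------------------
/roles/ios_rip/tasks/enable_rip.yml:
--------------------------------------------------------------------------------
---
# Enable RIP version 2 on an IOS device from the host's `interfaces` list.
#
# RIP `network` statements are classful, so the first block turns every
# RIP-enabled interface address into its class A (/8), class B (/16) or
# class C (/24) network before the `router rip` section is written.
#
# NOTE(review): these tasks set only `version 2`, `passive-interface` and
# `network`. No RIP authentication (key chain) is configured here, and
# passive-interface only stops updates from being sent on that interface.
- name: get the classful networks for rip
  block:
    - name: get the classful networks list for rip interfaces class by class
      set_fact:
        # Class A: addresses inside 0.0.0.0/1, reduced to their /8 network.
        ipv4a: >
          {{ interfaces | selectattr('rip', 'defined') | map(attribute='ipv4_address')
          | ipaddr('address') | ipaddr('0.0.0.0/1')
          | map('regex_replace', '(\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b)', '\\1/8')
          | ipaddr('network') | list | unique }}
        # Class B: addresses inside 128.0.0.0/2, reduced to their /16 network.
        ipv4b: >
          {{ interfaces | selectattr('rip', 'defined') | map(attribute='ipv4_address')
          | ipaddr('address') | ipaddr('128.0.0.0/2')
          | map('regex_replace', '(\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b)', '\\1/16')
          | ipaddr('network') | list | unique }}
        # Class C: addresses inside 192.0.0.0/3, reduced to their /24 network.
        ipv4c: >
          {{ interfaces | selectattr('rip', 'defined') | map(attribute='ipv4_address')
          | ipaddr('address') | ipaddr('192.0.0.0/3')
          | map('regex_replace', '(\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b)', '\\1/24')
          | ipaddr('network') | list | unique }}
    - name: get the full list of classful networks for rip interfaces
      set_fact:
        ipv4_classful_list: "{{ ipv4a + ipv4b + ipv4c }}"

# Runs only when at least one interface defines `rip`.
- name: enable rip version 2
  ios_config:
    defaults: yes
    parents: router rip
    lines:
      - version 2
  when: interfaces | selectattr('rip', 'defined') | list

# One passive-interface line per interface that defines `passive`.
- name: enable rip passive-interface
  ios_config:
    defaults: yes
    parents: router rip
    lines:
      - passive-interface {{ item.id }}
  loop: "{{ interfaces | selectattr('passive', 'defined') | list }}"

# One classful `network` statement per entry computed above.
- name: enable rip interfaces
  ios_config:
    defaults: no
    parents: router rip
    lines:
      - "network {{ item }}"
  loop: "{{ ipv4_classful_list }}"
  when: ipv4_classful_list | length>0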
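-------------------------------------------------------------------------------- /inventories/custom/osseclab/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "{{ inventory_dir }}/templates/default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "osseclab" 7 | gns3_nodes_spec: 8 | - name: "NAT" 9 | template: "NAT" 10 | x: 100 11 | y: -200 12 | - name: "gateway" 13 | template: "gateway" 14 | x: 0 15 | y: -200 16 | - name: "lan1" 17 | template: "Ethernet switch" 18 | x: -200 19 | y: -50 20 | - name: "pc1" 21 | template: "linux-pc" 22 | x: -300 23 | y: 50 24 | - name: "srv1" 25 | template: "linux-server" 26 | x: -100 27 | y: 50 28 | - name: "lan2" 29 | template: "Ethernet switch" 30 | x: 200 31 | y: -50 32 | - name: "pc2" 33 | template: "linux-pc" 34 | x: 100 35 | y: 50 36 | - name: "srv2" 37 | template: "linux-server" 38 | x: 300 39 | y: 50 40 | - name: "management" 41 | template: "Ethernet switch" 42 | x: 0 43 | y: 200 44 | - name: "controller" 45 | template: "controller" 46 | x: -100 47 | y: 250 48 | - name: "natctrl" 49 | template: "NAT" 50 | x: -350 51 | y: 250 52 | gns3_links_spec: 53 | - ["gateway", "Ethernet1", "NAT", "nat0"] 54 | - ["gateway", "Ethernet0", "lan1", "Ethernet0"] 55 | - ["gateway", "Ethernet2", "lan2", "Ethernet0"] 56 | - ["lan1", "Ethernet1", "pc1", "Ethernet0"] 57 | - ["lan1", "Ethernet2", "srv1", "Ethernet0"] 58 | - ["lan2", "Ethernet1", "pc2", "Ethernet0"] 59 | - ["lan2", "Ethernet2", "srv2", "Ethernet0"] 60 | - ["natctrl", "nat0", "controller", "Ethernet1"] 61 | - ["management", "Ethernet0", "controller", "Ethernet0"] 62 | - ["management", "Ethernet1", "pc1", "Ethernet1"] 63 | - ["management", "Ethernet2", "srv1", "Ethernet1"] 64 | - ["management", "Ethernet3", "pc2", "Ethernet1"] 65 | - ["management", "Ethernet4", "srv2", "Ethernet1"] 66 | - ["management", "Ethernet5", 
"gateway", "Ethernet3"] 67 | 
--------------------------------------------------------------------------------
/inventories/custom/startup_ios/templates/iosv_default_config.j2:
--------------------------------------------------------------------------------
{# Initial IOS configuration rendered per node.
   Sets the hostname, brings up the optional management interface on DHCP,
   adds the LAN/WAN, NAT, DNS, DHCP and IPv6 setup for the node named GATEWAY
   (iosv_l3 image only), then creates the local user, generates the RSA key,
   restricts the vty lines to SSH and saves the configuration.
   Comments end with "-#}" so that they render no blank line. -#}
configure terminal
hostname {{ inventory_hostname }}
{% if mgmt_interface is defined %}
interface {{ mgmt_interface }}
{% if image_style == "iosv_l2" %}
 no switchport
{% endif %}
 ip address dhcp
 no cdp enable
 no shutdown
{% endif %}
{% if inventory_hostname == "GATEWAY" and image_style == "iosv_l3" %}
interface GigabitEthernet0/0
 description LAN interface
 ip address 192.168.1.254 255.255.255.0
 ipv6 address FE80::1 link-local
 ip nat inside
 no shutdown
interface GigabitEthernet0/1
 description WAN interface
 ip address dhcp
 ip nat outside
 no shutdown
{# Source NAT (overload) for the LAN prefix behind the WAN interface. -#}
ip access-list standard lan
 permit 192.168.1.0 0.0.0.255
ip nat inside source list lan interface GigabitEthernet0/1 overload
ip domain lookup
ip name-server 8.8.8.8
ip dns server
ip dhcp excluded-address 192.168.1.200 192.168.1.254
ip dhcp pool DHCP-LAN
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 dns-server 192.168.1.254
ipv6 unicast-routing
ipv6 dhcp pool DHCPv6-GLA
 address prefix 2001:470:c814:ca00::/64
 dns-server 2001:470:c814:ca00::1
ipv6 dhcp pool DHCPv6-ULA
 address prefix FD00:192:168:1::/64
 dns-server FD00:192:168:1::1
interface GigabitEthernet0/0
 ipv6 address FE80::1 link-local
 ipv6 address 2001:470:c814:ca00::1/64
 ipv6 address FD00:192:168:1::1/64
 ipv6 nd managed-config-flag
 ipv6 nd other-config-flag
{# Fixed: this line referenced "DHCPv6-UGA", a pool this template never
   defines; the pools defined above are DHCPv6-GLA and DHCPv6-ULA.
   NOTE(review): IOS normally keeps a single "ipv6 dhcp server" per
   interface, so the ULA line below may replace this one. Confirm which
   pool is intended. -#}
 ipv6 dhcp server DHCPv6-GLA
 ipv6 dhcp server DHCPv6-ULA
interface GigabitEthernet0/1
 description WAN interface
 ipv6 address 2001:470:c814::ca:1/64
 ipv6 nd ra suppress
ipv6 route 2000::/3 GigabitEthernet0/1 2001:470:c814::1
{% endif %}
ip domain-name lan
{# NOTE(review): "password" keeps the credential in cleartext in the device
   configuration; "secret" stores a hash instead. IOS refuses a secret for a
   user that already has a password, so confirm the target devices start
   without this user before switching. -#}
username {{ gns3_lab_user }} privilege 15 password {{ gns3_lab_pass }}
crypto key generate rsa modulus 2048
ip ssh version 2
ip scp server enable
line vty 0 4
 login local
 transport input ssh
end
write memory
-------------------------------------------------------------------------------- /roles/ios_role/meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: goffinet 3 | description: your role description 4 | #company: your company (optional) 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Choose a valid license ID from https://spdx.org - some suggested licenses: 11 | # - BSD-3-Clause (default) 12 | # - MIT 13 | # - GPL-2.0-or-later 14 | # - GPL-3.0-only 15 | # - Apache-2.0 16 | # - CC-BY-4.0 17 | license: CC-BY-4.0 18 | 19 | min_ansible_version: 2.9 20 | 21 | # If this a Container Enabled role, provide the minimum Ansible Container version. 22 | # min_ansible_container_version: 23 | 24 | # 25 | # Provide a list of supported platforms, and for each platform a list of versions. 26 | # If you don't wish to enumerate all versions for a particular platform, use 'all'. 27 | # To view available platforms and versions (or releases), visit: 28 | # https://galaxy.ansible.com/api/v1/platforms/ 29 | # 30 | # platforms: 31 | # - name: Fedora 32 | # versions: 33 | # - all 34 | # - 25 35 | # - name: SomePlatform 36 | # versions: 37 | # - all 38 | # - 1.0 39 | # - 7 40 | # - 99.99 41 | platforms: 42 | - name: VIOS-ADVENTERPRISEK9-M 43 | versions: 44 | - 15.6(2)T 45 | - name: vios_l2-ADVENTERPRISEK9-M 46 | versions: 47 | - 15.2(20170321:233949) 48 | 49 | galaxy_tags: 50 | - cisco 51 | - iosv 52 | - ccna 53 | # List tags for your role here, one per line. 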
A tag is a keyword that describes 54 | # and categorizes the role. Users find roles by searching for tags. Be sure to 55 | # remove the '[]' above, if you add tags to this list. 56 | # 57 | # NOTE: A tag is limited to a single word comprised of alphanumeric characters. 58 | # Maximum 20 tags per role. 59 | 60 | dependencies: [] 61 | # List your role dependencies here, one per line. Be sure to remove the '[]' above, 62 | # if you add dependencies to this list. 63 | -------------------------------------------------------------------------------- /inventories/custom/ospf_neighbors/templates/iosv_default_config.j2: -------------------------------------------------------------------------------- 1 | configure terminal 2 | hostname {{ inventory_hostname }} 3 | {% if mgmt_interface is defined %} 4 | interface {{ mgmt_interface }} 5 | {% if image_style == "iosv_l2" %} 6 | no switchport 7 | {% endif %} 8 | ip address dhcp 9 | no cdp enable 10 | no shutdown 11 | {% endif %} 12 | {% if inventory_hostname == "R1" and image_style == "iosv_l3" %} 13 | interface lo 0 14 | ip address 10.10.10.10 255.255.255.255 15 | ip ospf 1 area 0 16 | interface g0/0 17 | ip address 192.168.1.1 255.255.255.0 18 | ip ospf 1 area 0 19 | no shutdown 20 | router ospf 1 21 | router-id 1.1.1.1 22 | {% endif %} 23 | {% if inventory_hostname == "R2" and image_style == "iosv_l3" %} 24 | interface lo 0 25 | ip address 20.20.20.20 255.255.255.255 26 | ip ospf 1 area 0 27 | interface g0/0 28 | ip address 192.168.1.2 255.255.255.0 29 | ip ospf 1 area 0 30 | no shutdown 31 | router ospf 1 32 | router-id 2.2.2.2 33 | {% endif %} 34 | {% if inventory_hostname == "R3" and image_style == "iosv_l3" %} 35 | interface lo 0 36 | ip address 30.30.30.30 255.255.255.255 37 | ip ospf 1 area 0 38 | interface g0/0 39 | ip address 192.168.1.3 255.255.255.0 40 | ip ospf 1 area 0 41 | no shutdown 42 | router ospf 1 43 | router-id 3.3.3.3 44 | {% endif %} 45 | {% if inventory_hostname == "R4" and image_style == "iosv_l3" %} 46 
| hostname R4 47 | interface lo 0 48 | ip address 40.40.40.40 255.255.255.255 49 | ip ospf 1 area 0 50 | interface g0/0 51 | ip address 192.168.1.4 255.255.255.0 52 | ip ospf 1 area 0 53 | no shutdown 54 | router ospf 1 55 | router-id 4.4.4.4 56 | {% endif %} 57 | {% if inventory_hostname == "R5" and image_style == "iosv_l3" %} 58 | interface lo 0 59 | ip address 50.50.50.50 255.255.255.255 60 | ip ospf 1 area 0 61 | interface g0/0 62 | ip address 192.168.1.5 255.255.255.0 63 | ip ospf 1 area 0 64 | no shutdown 65 | router ospf 1 66 | router-id 5.5.5.5 67 | {% endif %} 68 | ip domain-name lan 69 | username {{ gns3_lab_user }} privilege 15 password {{ gns3_lab_pass }} 70 | crypto key generate rsa modulus 2048 71 | ip ssh version 2 72 | ip scp server enable 73 | line vty 0 4 74 | login local 75 | transport input ssh 76 | end 77 | write memory 78 | -------------------------------------------------------------------------------- /inventories/ccnp/01_01_02_inter_vlan_routing/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | template: "{{ inventory_dir }}/templates/default_config.j2" 3 | gns3_url: "http://172.16.253.1" 4 | gns3_lab_user: "{{ ansible_user }}" 5 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 6 | project_name: "ccnp_01_01_02_inter_vlan_routing" 7 | gns3_nodes_spec: 8 | - name: "controller" 9 | template: "linux-pc" 10 | x: -180 11 | y: -15 12 | - name: "R1" 13 | template: "Cisco IOSv 15.7(3)M3" 14 | x: -100 15 | y: -100 16 | - name: "R3" 17 | template: "Cisco IOSv 15.7(3)M3" 18 | x: 100 19 | y: -100 20 | - name: "DS1" 21 | template: "Cisco IOSvL2 15.2.1" 22 | x: -100 23 | y: 45 24 | - name: "DS2" 25 | template: "Cisco IOSvL2 15.2.1" 26 | x: 100 27 | y: 45 28 | - name: "PC1" 29 | template: "linux-pc" 30 | x: -150 31 | y: 150 32 | - name: "PC2" 33 | template: "linux-pc" 34 | x: -50 35 | y: 150 36 | - name: "PC3" 37 | template: "linux-pc" 38 | x: 50 39 | y: 150 40 | - name: "PC4" 41 | template: "linux-pc" 42 
| x: 150 43 | y: 150 44 | - name: "ctrl0" 45 | template: "Ethernet switch" 46 | x: 0 47 | y: 0 48 | - name: "ctrl1" 49 | template: "Ethernet switch" 50 | x: 0 51 | y: 50 52 | - name: "nat1" 53 | template: "NAT" 54 | x: -400 55 | y: -20 56 | gns3_links_spec: 57 | - ["R1", "Gi0/3", "R3", "Gi0/1"] 58 | - ["DS1", "Gi1/0", "R1", "Gi0/0"] 59 | - ["DS2", "Gi1/0", "R3", "Gi0/0"] 60 | - ["DS1", "Gi2/2", "PC1", "Ethernet0"] 61 | - ["DS1", "Gi2/3", "PC2", "Ethernet0"] 62 | - ["DS2", "Gi2/2", "PC3", "Ethernet0"] 63 | - ["DS2", "Gi2/3", "PC4", "Ethernet0"] 64 | - ["R1", "Gi0/7", "ctrl0", "Ethernet1"] 65 | - ["R3", "Gi0/7", "ctrl0", "Ethernet2"] 66 | - ["DS1", "Gi3/3", "ctrl0", "Ethernet3"] 67 | - ["DS2", "Gi3/3", "ctrl0", "Ethernet4"] 68 | - ["controller", "Ethernet0", "ctrl0", "Ethernet0"] 69 | - ["controller", "Ethernet1", "nat1", "nat0"] 70 | - ["ctrl1", "Ethernet0", "ctrl0", "Ethernet7"] 71 | - ["ctrl1", "Ethernet1", "PC1", "Ethernet1"] 72 | - ["ctrl1", "Ethernet2", "PC2", "Ethernet1"] 73 | - ["ctrl1", "Ethernet3", "PC3", "Ethernet1"] 74 | - ["ctrl1", "Ethernet4", "PC4", "Ethernet1"] 75 | -------------------------------------------------------------------------------- /playbooks/files/default_configs/SW0.cfg: -------------------------------------------------------------------------------- 1 | version 15.2 2 | service timestamps debug datetime msec 3 | service timestamps log datetime msec 4 | no service password-encryption 5 | service compress-config 6 | ! 7 | hostname SW0 8 | ! 9 | boot-start-marker 10 | boot-end-marker 11 | ! 12 | ! 13 | ! 14 | username root privilege 15 password 0 testtest 15 | no aaa new-model 16 | ! 17 | ! 18 | ! 19 | ! 20 | ! 21 | ! 22 | ! 23 | ! 24 | ip domain-name lan 25 | ip cef 26 | no ipv6 cef 27 | ! 28 | ! 29 | ! 30 | spanning-tree mode pvst 31 | spanning-tree extend system-id 32 | ! 33 | ! 34 | ! 35 | ! 36 | ! 37 | ! 38 | ! 39 | ! 40 | ! 41 | ! 42 | ! 43 | ! 44 | ! 45 | ! 46 | interface GigabitEthernet0/0 47 | negotiation auto 48 | ! 
49 | interface GigabitEthernet0/1 50 | negotiation auto 51 | ! 52 | interface GigabitEthernet0/2 53 | negotiation auto 54 | ! 55 | interface GigabitEthernet0/3 56 | negotiation auto 57 | ! 58 | interface GigabitEthernet1/0 59 | negotiation auto 60 | ! 61 | interface GigabitEthernet1/1 62 | negotiation auto 63 | ! 64 | interface GigabitEthernet1/2 65 | negotiation auto 66 | ! 67 | interface GigabitEthernet1/3 68 | negotiation auto 69 | ! 70 | interface GigabitEthernet2/0 71 | negotiation auto 72 | ! 73 | interface GigabitEthernet2/1 74 | negotiation auto 75 | ! 76 | interface GigabitEthernet2/2 77 | negotiation auto 78 | ! 79 | interface GigabitEthernet2/3 80 | negotiation auto 81 | ! 82 | interface GigabitEthernet3/0 83 | negotiation auto 84 | ! 85 | interface GigabitEthernet3/1 86 | negotiation auto 87 | ! 88 | interface GigabitEthernet3/2 89 | negotiation auto 90 | ! 91 | interface GigabitEthernet3/3 92 | no switchport 93 | ip address dhcp 94 | negotiation auto 95 | no cdp enable 96 | ! 97 | ip forward-protocol nd 98 | ! 99 | ip http server 100 | ! 101 | ip ssh version 2 102 | ip scp server enable 103 | ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr 104 | ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr 105 | ! 106 | control-plane 107 | ! 108 | line con 0 109 | line aux 0 110 | line vty 0 4 111 | login local 112 | transport input ssh 113 | ! 114 | ! 115 | end 116 | -------------------------------------------------------------------------------- /playbooks/files/default_configs/SW1.cfg: -------------------------------------------------------------------------------- 1 | version 15.2 2 | service timestamps debug datetime msec 3 | service timestamps log datetime msec 4 | no service password-encryption 5 | service compress-config 6 | ! 7 | hostname SW1 8 | ! 9 | boot-start-marker 10 | boot-end-marker 11 | ! 12 | ! 13 | ! 14 | username root privilege 15 password 0 testtest 15 | no aaa new-model 16 | ! 17 | ! 18 | ! 19 | ! 20 | ! 
21 | ! 22 | ! 23 | ! 24 | ip domain-name lan 25 | ip cef 26 | no ipv6 cef 27 | ! 28 | ! 29 | ! 30 | spanning-tree mode pvst 31 | spanning-tree extend system-id 32 | ! 33 | ! 34 | ! 35 | ! 36 | ! 37 | ! 38 | ! 39 | ! 40 | ! 41 | ! 42 | ! 43 | ! 44 | ! 45 | ! 46 | interface GigabitEthernet0/0 47 | negotiation auto 48 | ! 49 | interface GigabitEthernet0/1 50 | negotiation auto 51 | ! 52 | interface GigabitEthernet0/2 53 | negotiation auto 54 | ! 55 | interface GigabitEthernet0/3 56 | negotiation auto 57 | ! 58 | interface GigabitEthernet1/0 59 | negotiation auto 60 | ! 61 | interface GigabitEthernet1/1 62 | negotiation auto 63 | ! 64 | interface GigabitEthernet1/2 65 | negotiation auto 66 | ! 67 | interface GigabitEthernet1/3 68 | negotiation auto 69 | ! 70 | interface GigabitEthernet2/0 71 | negotiation auto 72 | ! 73 | interface GigabitEthernet2/1 74 | negotiation auto 75 | ! 76 | interface GigabitEthernet2/2 77 | negotiation auto 78 | ! 79 | interface GigabitEthernet2/3 80 | negotiation auto 81 | ! 82 | interface GigabitEthernet3/0 83 | negotiation auto 84 | ! 85 | interface GigabitEthernet3/1 86 | negotiation auto 87 | ! 88 | interface GigabitEthernet3/2 89 | negotiation auto 90 | ! 91 | interface GigabitEthernet3/3 92 | no switchport 93 | ip address dhcp 94 | negotiation auto 95 | no cdp enable 96 | ! 97 | ip forward-protocol nd 98 | ! 99 | ip http server 100 | ! 101 | ip ssh version 2 102 | ip scp server enable 103 | ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr 104 | ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr 105 | ! 106 | control-plane 107 | ! 108 | line con 0 109 | line aux 0 110 | line vty 0 4 111 | login local 112 | transport input ssh 113 | ! 114 | ! 
115 | end 116 | -------------------------------------------------------------------------------- /inventories/ccna/host_vars/AS1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: AS1 3 | group_channels: 4 | - id: 1 5 | mode: active 6 | interfaces: 7 | - GigabitEthernet0/0 8 | - GigabitEthernet1/0 9 | - id: 2 10 | mode: active 11 | interfaces: 12 | - GigabitEthernet0/1 13 | - GigabitEthernet1/1 14 | interfaces: 15 | - id: GigabitEthernet2/0 16 | description: "PC1 vlan 10 access port" 17 | access: 18 | vlan: 10 19 | - id: GigabitEthernet2/1 20 | description: "PC2 vlan 20 access port" 21 | access: 22 | vlan: 20 23 | - id: GigabitEthernet2/2 24 | description: "PC3 vlan 30 access port" 25 | access: 26 | vlan: 30 27 | - id: GigabitEthernet2/3 28 | description: "PC4 vlan 40 access port" 29 | access: 30 | vlan: 40 31 | - id: Vlan99 32 | description: "Management interface" 33 | ipv4_address: 172.16.0.1/24 34 | gateway: 172.16.0.254 35 | - id: GigabitEthernet0/0 36 | description: "Trunk Group Channel1 to DS1" 37 | trunk: 38 | native: 99 39 | - id: GigabitEthernet1/0 40 | description: "Trunk Group Channel1 to DS1" 41 | trunk: 42 | native: 99 43 | - id: GigabitEthernet0/1 44 | description: "Trunk Group Channel2 to DS2" 45 | trunk: 46 | native: 99 47 | - id: GigabitEthernet1/1 48 | description: "Trunk Group Channel2 to DS2" 49 | trunk: 50 | native: 99 51 | - id: Port-channel1 52 | description: "Trunk Group Channel1 to DS1" 53 | trunk: 54 | native: 99 55 | - id: Port-channel2 56 | description: "Trunk Group Channel2 to DS2" 57 | trunk: 58 | native: 99 59 | - id: GigabitEthernet0/2 60 | description: "Stub interface" 61 | stub: true 62 | - id: GigabitEthernet0/3 63 | description: "Stub interface" 64 | stub: true 65 | - id: GigabitEthernet1/2 66 | description: "Stub interface" 67 | stub: true 68 | - id: GigabitEthernet1/3 69 | description: "Stub interface" 70 | stub: true 71 | - id: GigabitEthernet3/0 72 | description: "Stub 
interface" 73 | stub: true 74 | - id: GigabitEthernet3/1 75 | description: "Stub interface" 76 | stub: true 77 | - id: GigabitEthernet3/2 78 | description: "Stub interface" 79 | stub: true 80 | -------------------------------------------------------------------------------- /inventories/ccna/host_vars/AS2: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: AS2 3 | group_channels: 4 | - id: 4 5 | mode: active 6 | interfaces: 7 | - GigabitEthernet0/0 8 | - GigabitEthernet1/0 9 | - id: 5 10 | mode: active 11 | interfaces: 12 | - GigabitEthernet0/1 13 | - GigabitEthernet1/1 14 | interfaces: 15 | - id: GigabitEthernet2/0 16 | description: "PC5 vlan 10 access port" 17 | access: 18 | vlan: 10 19 | - id: GigabitEthernet2/1 20 | description: "PC6 vlan 20 access port" 21 | access: 22 | vlan: 20 23 | - id: GigabitEthernet2/2 24 | description: "PC7 vlan 30 access port" 25 | access: 26 | vlan: 30 27 | - id: GigabitEthernet2/3 28 | description: "PC8 vlan 40 access port" 29 | access: 30 | vlan: 40 31 | - id: Vlan99 32 | description: "Management interface" 33 | ipv4_address: 172.16.0.2/24 34 | gateway: 172.16.0.254 35 | - id: GigabitEthernet0/0 36 | description: "Trunk Group Channel4 to DS2" 37 | trunk: 38 | native: 99 39 | - id: GigabitEthernet1/0 40 | description: "Trunk Group Channel4 to DS2" 41 | trunk: 42 | native: 99 43 | - id: GigabitEthernet0/1 44 | description: "Trunk Group Channel5 to DS1" 45 | trunk: 46 | native: 99 47 | - id: GigabitEthernet1/1 48 | description: "Trunk Group Channel5 to DS1" 49 | trunk: 50 | native: 99 51 | - id: Port-channel4 52 | description: "Trunk Group Channel4 to DS2" 53 | trunk: 54 | native: 99 55 | - id: Port-channel5 56 | description: "Trunk Group Channel5 to DS1" 57 | trunk: 58 | native: 99 59 | - id: GigabitEthernet0/2 60 | description: "Stub interface" 61 | stub: true 62 | - id: GigabitEthernet0/3 63 | description: "Stub interface" 64 | stub: true 65 | - id: GigabitEthernet1/2 66 | 
description: "Stub interface" 67 | stub: true 68 | - id: GigabitEthernet1/3 69 | description: "Stub interface" 70 | stub: true 71 | - id: GigabitEthernet3/0 72 | description: "Stub interface" 73 | stub: true 74 | - id: GigabitEthernet3/1 75 | description: "Stub interface" 76 | stub: true 77 | - id: GigabitEthernet3/2 78 | description: "Stub interface" 79 | stub: true 80 | -------------------------------------------------------------------------------- /inventories/switchblock/host_vars/AS1: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: AS1 3 | group_channels: 4 | - id: 1 5 | mode: active 6 | interfaces: 7 | - GigabitEthernet0/0 8 | - GigabitEthernet1/0 9 | - id: 2 10 | mode: active 11 | interfaces: 12 | - GigabitEthernet0/1 13 | - GigabitEthernet1/1 14 | interfaces: 15 | - id: GigabitEthernet2/0 16 | description: "PC1 vlan 10 access port" 17 | access: 18 | vlan: 10 19 | - id: GigabitEthernet2/1 20 | description: "PC2 vlan 20 access port" 21 | access: 22 | vlan: 20 23 | - id: GigabitEthernet2/2 24 | description: "PC3 vlan 30 access port" 25 | access: 26 | vlan: 30 27 | - id: GigabitEthernet2/3 28 | description: "PC4 vlan 40 access port" 29 | access: 30 | vlan: 40 31 | - id: Vlan99 32 | description: "Management interface" 33 | ipv4_address: 172.16.0.1/24 34 | gateway: 172.16.0.254 35 | - id: GigabitEthernet0/0 36 | description: "Trunk Group Channel1 to DS1" 37 | trunk: 38 | native: 99 39 | - id: GigabitEthernet1/0 40 | description: "Trunk Group Channel1 to DS1" 41 | trunk: 42 | native: 99 43 | - id: GigabitEthernet0/1 44 | description: "Trunk Group Channel2 to DS2" 45 | trunk: 46 | native: 99 47 | - id: GigabitEthernet1/1 48 | description: "Trunk Group Channel2 to DS2" 49 | trunk: 50 | native: 99 51 | - id: Port-channel1 52 | description: "Trunk Group Channel1 to DS1" 53 | trunk: 54 | native: 99 55 | - id: Port-channel2 56 | description: "Trunk Group Channel2 to DS2" 57 | trunk: 58 | native: 99 59 | - id: 
GigabitEthernet0/2 60 | description: "Stub interface" 61 | stub: true 62 | - id: GigabitEthernet0/3 63 | description: "Stub interface" 64 | stub: true 65 | - id: GigabitEthernet1/2 66 | description: "Stub interface" 67 | stub: true 68 | - id: GigabitEthernet1/3 69 | description: "Stub interface" 70 | stub: true 71 | - id: GigabitEthernet3/0 72 | description: "Stub interface" 73 | stub: true 74 | - id: GigabitEthernet3/1 75 | description: "Stub interface" 76 | stub: true 77 | - id: GigabitEthernet3/2 78 | description: "Stub interface" 79 | stub: true 80 | -------------------------------------------------------------------------------- /inventories/switchblock/host_vars/AS2: -------------------------------------------------------------------------------- 1 | --- 2 | hostname: AS2 3 | group_channels: 4 | - id: 4 5 | mode: active 6 | interfaces: 7 | - GigabitEthernet0/0 8 | - GigabitEthernet1/0 9 | - id: 5 10 | mode: active 11 | interfaces: 12 | - GigabitEthernet0/1 13 | - GigabitEthernet1/1 14 | interfaces: 15 | - id: GigabitEthernet2/0 16 | description: "PC5 vlan 10 access port" 17 | access: 18 | vlan: 10 19 | - id: GigabitEthernet2/1 20 | description: "PC6 vlan 20 access port" 21 | access: 22 | vlan: 20 23 | - id: GigabitEthernet2/2 24 | description: "PC7 vlan 30 access port" 25 | access: 26 | vlan: 30 27 | - id: GigabitEthernet2/3 28 | description: "PC8 vlan 40 access port" 29 | access: 30 | vlan: 40 31 | - id: Vlan99 32 | description: "Management interface" 33 | ipv4_address: 172.16.0.2/24 34 | gateway: 172.16.0.254 35 | - id: GigabitEthernet0/0 36 | description: "Trunk Group Channel4 to DS2" 37 | trunk: 38 | native: 99 39 | - id: GigabitEthernet1/0 40 | description: "Trunk Group Channel4 to DS2" 41 | trunk: 42 | native: 99 43 | - id: GigabitEthernet0/1 44 | description: "Trunk Group Channel5 to DS1" 45 | trunk: 46 | native: 99 47 | - id: GigabitEthernet1/1 48 | description: "Trunk Group Channel5 to DS1" 49 | trunk: 50 | native: 99 51 | - id: Port-channel4 52 | 
description: "Trunk Group Channel4 to DS2" 53 | trunk: 54 | native: 99 55 | - id: Port-channel5 56 | description: "Trunk Group Channel5 to DS1" 57 | trunk: 58 | native: 99 59 | - id: GigabitEthernet0/2 60 | description: "Stub interface" 61 | stub: true 62 | - id: GigabitEthernet0/3 63 | description: "Stub interface" 64 | stub: true 65 | - id: GigabitEthernet1/2 66 | description: "Stub interface" 67 | stub: true 68 | - id: GigabitEthernet1/3 69 | description: "Stub interface" 70 | stub: true 71 | - id: GigabitEthernet3/0 72 | description: "Stub interface" 73 | stub: true 74 | - id: GigabitEthernet3/1 75 | description: "Stub interface" 76 | stub: true 77 | - id: GigabitEthernet3/2 78 | description: "Stub interface" 79 | stub: true 80 | -------------------------------------------------------------------------------- /docs/_data/navigation.yml: -------------------------------------------------------------------------------- 1 | main: 2 | - title: "GitHub" 3 | url: https://github.com/goffinet/ansible-ccna-lab 4 | 5 | menu: 6 | - title: Ansible CCNA Lab 7 | url: / 8 | - title: "1. Objectifs du projet" 9 | url: /objectifs/ 10 | - title: "2. La gestion du réseau avec Ansible" 11 | url: /gestion-ansible/ 12 | - title: "3. La mise en place du lab sur GNS3" 13 | url: /mise-en-place-du-lab-sur-gns3/ 14 | children: 15 | - title: "3.1. Setup du lab GNS3 avec Ansible" 16 | url: /mise-en-place-du-lab-sur-gns3/setup-du-lab-gns3-avec-ansible/ 17 | - title: "3.2. Configuration de la station de contrôle" 18 | url: /mise-en-place-du-lab-sur-gns3/configuration-de-la-station-de-controle/ 19 | - title: "3.3. Préparation des images Cisco IOSv pour GNS3" 20 | url: /mise-en-place-du-lab-sur-gns3/preparation-des-images-cisco-iosv-pour-gns3/ 21 | - title: "3.4. Récupérer le dépôt des livres de jeu Ansible" 22 | url: /mise-en-place-du-lab-sur-gns3/recuperer-depot-livres-de-jeu-ansible-ccna-lab/ 23 | - title: "3.5. 
Récupérer le dépôt des livres de jeu Ansible" 24 | url: /mise-en-place-du-lab-sur-gns3/recuperer-depot-livres-de-jeu-ansible-ccna-lab/ 25 | - title: "4. Les topologies CCNA" 26 | url: /topologies-ccna/ 27 | children: 28 | - title: "4.1. Topologie CCNA Gateway" 29 | url: /topologies-ccna/gateway/ 30 | - title: "4.2. Topologie CCNA Bipod" 31 | url: /topologies-ccna/bipod/ 32 | - title: "4.3. Topologie CCNA Tripod" 33 | url: /topologies-ccna/tripod/ 34 | - title: "4.4. Variante Router on a Stick" 35 | url: /topologies-ccna/bipod/ 36 | - title: "4.4. Variante Router on a Stick" 37 | url: /topologies-ccna/router-on-a-stick/ 38 | - title: "4.5. Topologie CCNA Switchblock" 39 | url: /topologies-ccna/switchblock/ 40 | - title: "4.6. Toplogie CCNA Tripod et Switchblock" 41 | url: /topologies-ccna/ccna/ 42 | - title: "4.7. Topologie Ansible Networking Workshop" 43 | url: /topologies-ccna/networking_workshop/ 44 | - title: "5. L'utilisation des livres de jeu" 45 | url: /utilisation-des-livres-de-jeu/ 46 | - title: "6. 
Notes et Todo" 47 | url: /notes-todo/ 48 | -------------------------------------------------------------------------------- /inventories/tripod/group_vars/all: -------------------------------------------------------------------------------- 1 | --- 2 | domain_name: lan 3 | ipv4: 4 | routing: 5 | # - rip 6 | - eigrp 7 | # - ospf 8 | ipv6: 9 | enabled: yes 10 | forwarding: yes 11 | routing: 12 | - eigrp 13 | # - ospf 14 | 15 | template: "templates/iosv_default_config.j2" 16 | gns3_url: "http://172.16.253.1" 17 | gns3_lab_user: "{{ ansible_user }}" 18 | gns3_lab_pass: "{{ ansible_ssh_pass }}" 19 | project_name: "tripod_lab" 20 | gns3_nodes_spec: 21 | - name: "controller" 22 | template: "controller" 23 | x: 0 24 | y: 150 25 | - name: "R1" 26 | template: "Cisco IOSv 15.7(3)M3" 27 | x: 0 28 | y: -200 29 | - name: "R2" 30 | template: "Cisco IOSv 15.7(3)M3" 31 | x: -100 32 | y: -100 33 | - name: "R3" 34 | template: "Cisco IOSv 15.7(3)M3" 35 | x: 100 36 | y: -100 37 | - name: "S1" 38 | template: "Ethernet switch" 39 | x: -100 40 | y: -185 41 | - name: "S2" 42 | template: "Ethernet switch" 43 | x: -200 44 | y: -85 45 | - name: "S3" 46 | template: "Ethernet switch" 47 | x: 200 48 | y: -85 49 | - name: "nat0" 50 | template: "NAT" 51 | x: 100 52 | y: -200 53 | - name: "PC1" 54 | template: "VPCS" 55 | x: -200 56 | y: -200 57 | - name: "PC2" 58 | template: "VPCS" 59 | x: -300 60 | y: -100 61 | - name: "PC3" 62 | template: "VPCS" 63 | x: 300 64 | y: -100 65 | - name: "ctrl0" 66 | template: "Ethernet switch" 67 | x: -5 68 | y: 50 69 | - name: "nat1" 70 | template: "NAT" 71 | x: -200 72 | y: 150 73 | gns3_links_spec: 74 | - ["R1", "Gi0/2", "R2", "Gi0/1"] 75 | - ["R1", "Gi0/3", "R3", "Gi0/1"] 76 | - ["R2", "Gi0/3", "R3", "Gi0/2"] 77 | - ["R1", "Gi0/1", "nat0", "nat0"] 78 | - ["R1", "Gi0/0", "S1", "Ethernet0"] 79 | - ["S1", "Ethernet1", "PC1", "Ethernet0"] 80 | - ["R2", "Gi0/0", "S2", "Ethernet0"] 81 | - ["S2", "Ethernet1", "PC2", "Ethernet0"] 82 | - ["R3", "Gi0/0", "S3", "Ethernet0"] 
83 | - ["S3", "Ethernet1", "PC3", "Ethernet0"] 84 | - ["R1", "Gi0/7", "ctrl0", "Ethernet1"] 85 | - ["R2", "Gi0/7", "ctrl0", "Ethernet2"] 86 | - ["R3", "Gi0/7", "ctrl0", "Ethernet3"] 87 | - ["ctrl0", "Ethernet0", "controller", "Ethernet0"] 88 | - ["controller", "Ethernet1", "nat1", "nat0"] 89 | -------------------------------------------------------------------------------- /tests/LINUX-MANAGEMENT.md: -------------------------------------------------------------------------------- 1 | # Linux Management from the CentOS Controller 2 | 3 | How to manage Linux hosts with Ansible from the controller without the management network. The examples below pass the lab root password on the command line (`-e ansible_password=...`), which leaves it in shell history and the process list; outside an isolated lab, prompt for it with `--ask-pass` or load it from an Ansible Vault file. 4 | 5 | On one or more distribution switches, enable IPv4 EIGRP dynamic routing for the management network: 6 | 7 | ```bash 8 | conf t 9 | router eigrp 1 10 | network 11.12.13.0 11 | ``` 12 | 13 | ## Dynamic routing 14 | 15 | FRRouting should be installed on the CentOS controller. 16 | 17 | To load an EIGRP config: 18 | 19 | ```bash 20 | vtysh -f /etc/frr/eigrpd.conf 21 | ``` 22 | 23 | To show learned routes: 24 | 25 | ```bash 26 | vtysh -c "show ip route" 27 | ``` 28 | 29 | ## Get Linux host IP addresses from IOS DHCP servers 30 | 31 | ```bash 32 | cat << EOF > dhcpleases.yaml 33 | - hosts: distribution 34 | gather_facts: no 35 | tasks: 36 | - ios_command: 37 | commands: 38 | - show ip dhcp binding 39 | register: output 40 | - set_fact: 41 | ip_list: "{{ output.stdout | regex_findall('[0-9]{1,3}\\\.[0-9]{1,3}\\\.[0-9]{1,3}\\\.[0-9]{1,3}') | list }}" 42 | - debug: 43 | msg: "{{ item }}" 44 | loop: "{{ ip_list }}" 45 | delegate_to: 127.0.0.1 46 | - lineinfile: 47 | line: "{{ item }}," 48 | dest: ./linuxhosts 49 | create: yes 50 | state: present 51 | loop: "{{ ip_list }}" 52 | delegate_to: 127.0.0.1 53 | EOF 54 | 55 | ansible-playbook dhcpleases.yaml 56 | 57 | ansible -i "$(cat linuxhosts)" -u root -e ansible_password=testtest -m ping all 58 | ``` 59 | 60 | ## Configure RHEL hosts with rhel-system-roles 61 | 62 | ```bash 63 | yum -y install 
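rhel-system-roles 64 | 65 | export ANSIBLE_ROLES_PATH=./roles:/usr/share/ansible/roles 66 | # append the export line itself to .bashrc: a bare "export VAR=..." prints nothing, so redirecting it would add nothing to the file 67 | echo 'export ANSIBLE_ROLES_PATH=./roles:/usr/share/ansible/roles' >> $HOME/.bashrc 68 | 69 | cat << EOF > ./configure_rhel_ntp.yaml 70 | - hosts: all 71 | vars: 72 | timesync_ntp_servers: 73 | - hostname: 192.168.1.1 74 | pool: yes 75 | iburst: yes 76 | timesync_ntp_provider: ntp 77 | roles: 78 | - role: rhel-system-roles.timesync 79 | tasks: 80 | - package: 81 | name: 82 | - ntp-perl 83 | EOF 84 | # lab-only shortcut: the password given with -e lands in shell history and the process list; --ask-pass or a vaulted variable keeps it off the command line 85 | ansible-playbook -i "$(cat linuxhosts)" -u root -e ansible_password=testtest configure_rhel_ntp.yaml 86 | ``` 87 | -------------------------------------------------------------------------------- /playbooks/files/default_configs/R1.cfg: -------------------------------------------------------------------------------- 1 | version 15.6 2 | service timestamps debug datetime msec 3 | service timestamps log datetime msec 4 | no service password-encryption 5 | ! password-encryption is off, so type 0 passwords in this file are stored exactly as typed 6 | hostname R1 7 | ! 8 | boot-start-marker 9 | boot-end-marker 10 | ! 11 | no aaa new-model 12 | ! 13 | mmi polling-interval 60 14 | no mmi auto-configure 15 | no mmi pvc 16 | mmi snmp-timeout 180 17 | ! 18 | no ip icmp rate-limit unreachable 19 | ! 20 | no ip domain lookup 21 | ip domain name lan 22 | ip cef 23 | no ipv6 cef 24 | ! 25 | multilink bundle-name authenticated 26 | ! lab default account: privilege 15, and "password 0" keeps the password unencrypted in the config; for anything beyond the lab use "username ... secret" with a per-device value 27 | username root privilege 15 password 0 testtest 28 | ! 29 | redundancy 30 | ! 31 | no cdp log mismatch duplex 32 | ! 33 | ip tcp synwait-time 5 34 | ! 35 | interface GigabitEthernet0/0 36 | no ip address 37 | shutdown 38 | duplex auto 39 | speed auto 40 | media-type rj45 41 | ! 42 | interface GigabitEthernet0/1 43 | no ip address 44 | shutdown 45 | duplex auto 46 | speed auto 47 | media-type rj45 48 | ! 49 | interface GigabitEthernet0/2 50 | no ip address 51 | shutdown 52 | duplex auto 53 | speed auto 54 | media-type rj45 55 | ! 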
56 | interface GigabitEthernet0/3 57 | no ip address 58 | shutdown 59 | duplex auto 60 | speed auto 61 | media-type rj45 62 | ! 63 | interface GigabitEthernet0/4 64 | no ip address 65 | shutdown 66 | duplex auto 67 | speed auto 68 | media-type rj45 69 | ! 70 | interface GigabitEthernet0/5 71 | no ip address 72 | shutdown 73 | duplex auto 74 | speed auto 75 | media-type rj45 76 | ! 77 | interface GigabitEthernet0/6 78 | no ip address 79 | shutdown 80 | duplex auto 81 | speed auto 82 | media-type rj45 83 | ! Gi0/7 is the only interface not shut down; it takes its address from DHCP 84 | interface GigabitEthernet0/7 85 | ip address dhcp 86 | duplex auto 87 | speed auto 88 | media-type rj45 89 | ! 90 | ip forward-protocol nd 91 | ! HTTP and HTTPS servers are off; management access is SSH version 2, with the SCP server enabled 92 | no ip http server 93 | no ip http secure-server 94 | ip ssh version 2 95 | ip scp server enable 96 | ! 97 | control-plane 98 | ! console and aux never time out (exec-timeout 0 0), start at privilege level 15 and have no login method set here; vty 0-4 requires a local-user login and accepts SSH only 99 | line con 0 100 | exec-timeout 0 0 101 | privilege level 15 102 | logging synchronous 103 | line aux 0 104 | exec-timeout 0 0 105 | privilege level 15 106 | logging synchronous 107 | line vty 0 4 108 | login local 109 | transport input ssh 110 | ! 111 | no scheduler allocate 112 | ! 113 | end 114 | -------------------------------------------------------------------------------- /playbooks/files/default_configs/R2.cfg: -------------------------------------------------------------------------------- 1 | version 15.6 2 | service timestamps debug datetime msec 3 | service timestamps log datetime msec 4 | no service password-encryption 5 | ! password-encryption is off, so type 0 passwords in this file are stored exactly as typed 6 | hostname R2 7 | ! 8 | boot-start-marker 9 | boot-end-marker 10 | ! 11 | no aaa new-model 12 | ! 13 | mmi polling-interval 60 14 | no mmi auto-configure 15 | no mmi pvc 16 | mmi snmp-timeout 180 17 | ! 18 | no ip icmp rate-limit unreachable 19 | ! 20 | no ip domain lookup 21 | ip domain name lan 22 | ip cef 23 | no ipv6 cef 24 | ! 25 | multilink bundle-name authenticated 26 | ! lab default account: privilege 15, and "password 0" keeps the password unencrypted in the config; for anything beyond the lab use "username ... secret" with a per-device value 27 | username root privilege 15 password 0 testtest 28 | ! 29 | redundancy 30 | ! 31 | no cdp log mismatch duplex 32 | ! 33 | ip tcp synwait-time 5 34 | ! 
35 | interface GigabitEthernet0/0 36 | no ip address 37 | shutdown 38 | duplex auto 39 | speed auto 40 | media-type rj45 41 | ! 42 | interface GigabitEthernet0/1 43 | no ip address 44 | shutdown 45 | duplex auto 46 | speed auto 47 | media-type rj45 48 | ! 49 | interface GigabitEthernet0/2 50 | no ip address 51 | shutdown 52 | duplex auto 53 | speed auto 54 | media-type rj45 55 | ! 56 | interface GigabitEthernet0/3 57 | no ip address 58 | shutdown 59 | duplex auto 60 | speed auto 61 | media-type rj45 62 | ! 63 | interface GigabitEthernet0/4 64 | no ip address 65 | shutdown 66 | duplex auto 67 | speed auto 68 | media-type rj45 69 | ! 70 | interface GigabitEthernet0/5 71 | no ip address 72 | shutdown 73 | duplex auto 74 | speed auto 75 | media-type rj45 76 | ! 77 | interface GigabitEthernet0/6 78 | no ip address 79 | shutdown 80 | duplex auto 81 | speed auto 82 | media-type rj45 83 | ! Gi0/7 is the only interface not shut down; it takes its address from DHCP 84 | interface GigabitEthernet0/7 85 | ip address dhcp 86 | duplex auto 87 | speed auto 88 | media-type rj45 89 | ! 90 | ip forward-protocol nd 91 | ! HTTP and HTTPS servers are off; management access is SSH version 2, with the SCP server enabled 92 | no ip http server 93 | no ip http secure-server 94 | ip ssh version 2 95 | ip scp server enable 96 | ! 97 | control-plane 98 | ! console and aux never time out (exec-timeout 0 0), start at privilege level 15 and have no login method set here; vty 0-4 requires a local-user login and accepts SSH only 99 | line con 0 100 | exec-timeout 0 0 101 | privilege level 15 102 | logging synchronous 103 | line aux 0 104 | exec-timeout 0 0 105 | privilege level 15 106 | logging synchronous 107 | line vty 0 4 108 | login local 109 | transport input ssh 110 | ! 111 | no scheduler allocate 112 | ! 113 | end 114 | -------------------------------------------------------------------------------- /playbooks/files/default_configs/R3.cfg: -------------------------------------------------------------------------------- 1 | version 15.6 2 | service timestamps debug datetime msec 3 | service timestamps log datetime msec 4 | no service password-encryption 5 | ! password-encryption is off, so type 0 passwords in this file are stored exactly as typed 6 | hostname R3 7 | ! 8 | boot-start-marker 9 | boot-end-marker 10 | ! 11 | no aaa new-model 12 | ! 
13 | mmi polling-interval 60 14 | no mmi auto-configure 15 | no mmi pvc 16 | mmi snmp-timeout 180 17 | ! 18 | no ip icmp rate-limit unreachable 19 | ! 20 | no ip domain lookup 21 | ip domain name lan 22 | ip cef 23 | no ipv6 cef 24 | ! 25 | multilink bundle-name authenticated 26 | ! lab default account: privilege 15, and "password 0" keeps the password unencrypted in the config; for anything beyond the lab use "username ... secret" with a per-device value 27 | username root privilege 15 password 0 testtest 28 | ! 29 | redundancy 30 | ! 31 | no cdp log mismatch duplex 32 | ! 33 | ip tcp synwait-time 5 34 | ! 35 | interface GigabitEthernet0/0 36 | no ip address 37 | shutdown 38 | duplex auto 39 | speed auto 40 | media-type rj45 41 | ! 42 | interface GigabitEthernet0/1 43 | no ip address 44 | shutdown 45 | duplex auto 46 | speed auto 47 | media-type rj45 48 | ! 49 | interface GigabitEthernet0/2 50 | no ip address 51 | shutdown 52 | duplex auto 53 | speed auto 54 | media-type rj45 55 | ! 56 | interface GigabitEthernet0/3 57 | no ip address 58 | shutdown 59 | duplex auto 60 | speed auto 61 | media-type rj45 62 | ! 63 | interface GigabitEthernet0/4 64 | no ip address 65 | shutdown 66 | duplex auto 67 | speed auto 68 | media-type rj45 69 | ! 70 | interface GigabitEthernet0/5 71 | no ip address 72 | shutdown 73 | duplex auto 74 | speed auto 75 | media-type rj45 76 | ! 77 | interface GigabitEthernet0/6 78 | no ip address 79 | shutdown 80 | duplex auto 81 | speed auto 82 | media-type rj45 83 | ! Gi0/7 is the only interface not shut down; it takes its address from DHCP 84 | interface GigabitEthernet0/7 85 | ip address dhcp 86 | duplex auto 87 | speed auto 88 | media-type rj45 89 | ! 90 | ip forward-protocol nd 91 | ! HTTP and HTTPS servers are off; management access is SSH version 2, with the SCP server enabled 92 | no ip http server 93 | no ip http secure-server 94 | ip ssh version 2 95 | ip scp server enable 96 | ! 97 | control-plane 98 | ! console and aux never time out (exec-timeout 0 0), start at privilege level 15 and have no login method set here; vty 0-4 requires a local-user login and accepts SSH only 99 | line con 0 100 | exec-timeout 0 0 101 | privilege level 15 102 | logging synchronous 103 | line aux 0 104 | exec-timeout 0 0 105 | privilege level 15 106 | logging synchronous 107 | line vty 0 4 108 | login local 109 | transport input ssh 110 | ! 111 | no scheduler allocate 112 | ! 
113 | end 114 | --------------------------------------------------------------------------------