Adding and Editing ACL on Cisco IOS using Ansible


Ansible playbook for adding a new ACL to Cisco IOS devices.

---
- name: Define Paramenters
  hosts: XE
  connection: network_cli
  tasks:
    - name: load new acl into device
      ios_config:
        lines:
          - 10 permit ip host 192.0.2.1 any log
          - 20 permit ip host 192.0.2.2 any log
          - 30 permit ip host 192.0.2.3 any log
          - 40 permit ip host 192.0.2.4 any log
          - 50 permit ip host 192.0.2.5 any log
          - 60 permit ip host 192.0.2.6 any log
        parents: ip access-list extended test
        before: no ip access-list extended test
        match: exact



[prashant@Prashant-VM01 ~]$ ansible-playbook play07.yml -i /home/prashant/inventory -u developer -k
SSH password:
PLAY [Define Paramenters] ***************************************************************************************************************
ok: [ios-xe-mgmt-latest.cisco.com]
ok: [ios-xe-mgmt.cisco.com]
TASK [load new acl into device] *********************************************************************************************************
changed: [ios-xe-mgmt-latest.cisco.com]
changed: [ios-xe-mgmt.cisco.com]
PLAY RECAP ******************************************************************************************************************************
ios-xe-mgmt-latest.cisco.com : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ios-xe-mgmt.cisco.com      : ok=2    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0



Ansible playbook for modifying and existing ACL

---
- name: Define Paramenters
  hosts: XE
  gather_facts: no
  connection: network_cli
  tasks:
    - name: Edit test ACL | add seq 70 & remove seq 30
      ios_config:
        lines:
          - no 30
          - 70 permit ip host 192.0.2.7 any log
        parents: ip access-list extended test
        match: exact

Comments

Popular posts from this blog

Anyconnect SSL-Client VPN with Self-signed Certificate on Cisco ASA

Filtering Routes in BGP using Route-maps and Prefix-list

Open Shortest Path First (OSPF)

IKEv2 IPsec Site-to-Site VPN configuration on Cisco ASA 8.4(x)

IPsec VPN as a Backup for Point-to-Point Link using IP SLA

Border Gateway Protocol (BGP)

Cisco ASA Active/Active Failover Configuration

Bypassing Proxy Server in Google Chrome

Cisco ASA Active/Standby Failover Configuration