Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletter Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Arrow up icon
GO TO TOP
Network Automation Cookbook

You're reading from   Network Automation Cookbook Proven and actionable recipes to automate and manage network devices using Ansible

Arrow left icon
Product type Paperback
Published in Apr 2020
Publisher Packt
ISBN-13 9781789956481
Length 482 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Karim Okasha Karim Okasha
Author Profile Icon Karim Okasha
Karim Okasha
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Building Blocks of Ansible 2. Managing Cisco IOS Devices Using Ansible FREE CHAPTER 3. Automating Juniper Devices in the Service Providers Using Ansible 4. Building Data Center Networks with Arista and Ansible 5. Automating Application Delivery with F5 LTM and Ansible 6. Administering a Multi-Vendor Network with NAPALM and Ansible 7. Deploying and Operating AWS Networking Resources with Ansible 8. Deploying and Operating Azure Networking Resources with Ansible 9. Deploying and Operating GCP Networking Resources with Ansible 10. Network Validation with Batfish and Ansible 11. Building a Network Inventory with Ansible and NetBox 12. Simplifying Automation with AWX and Ansible 13. Advanced Techniques and Best Practices for Ansible 14. Other Books You May Enjoy

Configuring trunk and access interfaces

In this recipe, we will show how to configure access and trunk interfaces on Cisco IOS-based devices, and how to map interfaces to an access VLAN, as well as how to allow specific VLANs on the trunks.

Getting ready

Following our sample topology, we will configure the interfaces on the devices. As shown in this table, we are only showing the VLANs for access01 and core01— the other devices are exact replicas:

Device

Interface

Mode

VLANs

Core01

Ethernet0/1

Trunk

10,20,100

Core01

Ethernet0/2

Trunk

10,20,100

Core01

Ethernet0/3

Trunk

10,20,100,200

Access01

Ethernet0/1

Trunk

10,20,100

Access01

Ethernet0/2

Trunk

10,20,100

Access01

Ethernet0/3

Access

10

How to do it...

  1. Create a new core.yml file under group_vars and include the following core_vlans definition:
core_vlans:
- name: l3_core_vlan
vlan_id: 200
interface: Ethernet0/3
  1. Update the pb_build_network.yml playbook with the following tasks to configure all trunk ports:
  - name: "Configure L2 Trunks"
ios_l2_interface:
name: "{{ item.name }}"
mode: "{{ item.mode }}"
trunk_allowed_vlans: "{{ vlans | map(attribute='vlan_id') | join(',') }}"
state: present
loop: "{{ interfaces[inventory_hostname] |
selectattr('mode','equalto','trunk') | list }}"
- name: "Enable dot1q Trunks"
ios_config:
lines:
- switchport trunk encapsulation dot1q
parents: interface {{item.name}}
loop: "{{ interfaces[inventory_hostname] |
selectattr('mode','equalto','trunk') | list }}"
tags: dot1q
  1. Update the playbook with the following task to configure all access ports:
  - name: "Configure Access Ports"
ios_l2_interface:
name: "{{ item.name }}"
mode: "{{ item.mode}}"
access_vlan: "{{ item.vlan }}"
state: present
loop: "{{ interfaces[inventory_hostname] |
selectattr('mode','equalto','access') | list }}"

How it works...

We are using the same data structure in the lan.yml file that defines all the interfaces within the LAN network and describes their type (access/trunk). In the case of access ports, we define which access interface is part of which VLAN. We will reference this list data structure to configure the access and trunk ports on all the devices within the lan group.
The interfaces within our layer2 network are one of the following two options:

Access:

  • We use ios_l2_interface with the access_vlan parameter to configure the correct access VLAN on the interface.
  • We select only the access interfaces for each device using the selectattr jinja2 filter, and we match only one interface with a mode equal to access, and we loop over this list for each device.

Trunk:

  • We use ios_l2_interface with the trunk_allowed_vlans parameter to add all the VLANs to the trunk ports, on both access and core switches.
  • We create the permitted VLAN list using the Jinja2 map and join filters and we apply this filter to the vlans list data structure. This outputs a string similar to the following: 10,20,100.
  • We select only the trunk ports using the selectattr Jinja2 filter from the interface's data structure per node.
  • We need to configure these trunks as dot1q ports; however, this attribute is still not enabled on ios_l2_interface. Hence, we use another module, ios_config, to send the required Cisco IOS command to set up the dot1q trunks.

The following output outlines the configuration applied to the access01 device as an example for both access and trunk ports:

!
interface Ethernet0/3 >> Access Port
description Data_vlan
switchport access vlan 10
switchport mode access

!
interface Ethernet0/1 >> Trunk Port
description core01_e0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,100
switchport mode trunk

See also...

You have been reading a chapter from
Network Automation Cookbook
Published in: Apr 2020
Publisher: Packt
ISBN-13: 9781789956481
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image