Cisco
Tamura, 2021-07-01 06:57:05

How to distribute access-lists with unique IPs to a large number of routers?

Good afternoon. Actually the question is: how to distribute access-lists with unique IPs to a large number of routers?
Let me explain with an example playbook:

- name: test
  hosts: 1.1.1.1
  gather_facts: false
  connection: local
  tasks:
    - name: ip access-list extended FIREWALL-ISP1
      ios_config:
        # the ACL header belongs in parents only; repeating it in lines never
        # matches the running config, so the block would be re-pushed on every run
        parents: ip access-list extended FIREWALL-ISP1
        lines:
          - 5 permit udp host 2.2.2.2 host 3.3.3.3 eq isakmp
          - 6 permit esp host 2.2.2.2 host 3.3.3.3
          - 7 permit udp host 2.2.2.2 host 3.3.3.3 eq non500-isakmp
          - 8 permit tcp host 2.2.2.2 host 3.3.3.3 eq 22
        match: exact

- name: test
  hosts: 15.15.15.15
  gather_facts: false
  connection: local
  tasks:
    - name: ip access-list extended FIREWALL-ISP1
      ios_config:
        parents: ip access-list extended FIREWALL-ISP1
        lines:
          - 5 permit udp host 4.4.4.4 host 5.5.5.5 eq isakmp
          - 6 permit esp host 4.4.4.4 host 5.5.5.5
          - 7 permit udp host 4.4.4.4 host 5.5.5.5 eq non500-isakmp
          - 8 permit tcp host 4.4.4.4 host 5.5.5.5 eq 22
        match: exact


Only I have about a hundred routers and each one needs its own access-list distributed to it. I think I can use Ansible, but writing a playbook for every one of them is nonsense, isn't it?


2 answer(s)
MaxKozlov, 2021-07-01
@MaxKozlov

hosts is a list. Or a group. Or a list of groups.
But if your lists are different for everyone, then it's better to prepare them as separate files.
lines in that case you can fill through lookup('file', ...).

Andrey Barbolin, 2021-07-01
@dronmaxman

Tamura, here is an example.
hosts (inventory file):

[F11]
172.17.8.111
172.17.8.112
172.17.8.113
[F12]
172.17.8.121
172.17.8.122
172.17.8.125

[FOXGATE]
172.17.8.201
172.17.8.203
172.17.8.9

[SW-TEST]
10.100.0.7

[SW-CR01]
172.17.8.1

[SW-ALL]
172.17.8.91
172.17.8.92
172.17.8.93
172.17.8.81

You can also add tags (AC-BGP, AC-BLOCK) to the playbook and run the playbook with the flags:
sudo ansible-playbook playbooks/deploy_vlan.yml -t AC-BGP -i hosts -e "host=F11,F12"
- name: DEPLOY SWITCHS CONFIG
  hosts: "{{ host }}"
  gather_facts: false
  tasks:
    - name: ACCESS-LIST-BGP WIFI PORT
      tags: AC-BGP
      ios_config:
        parents: ip access-list extended FIREWALL-ISP1
        lines:
          - 5 permit udp host 2.2.2.2 host 3.3.3.3 eq isakmp
          - 6 permit esp host 2.2.2.2 host 3.3.3.3
          - 7 permit udp host 2.2.2.2 host 3.3.3.3 eq non500-isakmp
          - 8 permit tcp host 2.2.2.2 host 3.3.3.3 eq 22
        match: exact
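Putting both answers together (a host group from the inventory, per-router data kept out of the play, tags to select the task), here is an added worked example; it is not code from the thread or from either answerer. The inventory host names r1/r2, the variables fw_acl, vpn_local and vpn_peer, the host_vars file layout and the 192.0.2.x management addresses are all assumptions. The play also reads the ACL back and fails the host if the peer-specific entries are missing, which is the check you want before trusting that a hundred routers really got their own lines.

```yaml
# Added example (not from the thread). Assumed: inventory hosts r1/r2,
# the variables fw_acl / vpn_local / vpn_peer, and the file layout below.
#
# --- inventory file "hosts" (INI) ---
# [routers]
# r1 ansible_host=192.0.2.1
# r2 ansible_host=192.0.2.2
#
# [routers:vars]
# ansible_network_os=ios
# ansible_connection=network_cli
#
# --- host_vars/r1.yml (per-router data, the only thing that differs) ---
# fw_acl: FIREWALL-ISP1
# vpn_local: 2.2.2.2
# vpn_peer: 3.3.3.3
#
# --- host_vars/r2.yml ---
# fw_acl: FIREWALL-ISP1
# vpn_local: 4.4.4.4
# vpn_peer: 5.5.5.5
#
# --- deploy_acl.yml (one play for the whole group) ---
- name: Deploy the per-router IPsec/SSH access-list
  hosts: routers
  gather_facts: false
  tasks:
    - name: Push {{ fw_acl }} entries for {{ inventory_hostname }}
      tags: acl
      cisco.ios.ios_config:
        # The ACL header goes in parents only. Putting it in lines as well
        # never matches the running config, so the block is re-pushed every run.
        parents: ip access-list extended {{ fw_acl }}
        lines:
          - 5 permit udp host {{ vpn_local }} host {{ vpn_peer }} eq isakmp
          - 6 permit esp host {{ vpn_local }} host {{ vpn_peer }}
          - 7 permit udp host {{ vpn_local }} host {{ vpn_peer }} eq non500-isakmp
          - 8 permit tcp host {{ vpn_local }} host {{ vpn_peer }} eq 22
        # exact: the whole block must match the running config line for line.
        # Entries with other sequence numbers are NOT removed. Do not "fix" that
        # with "no ip access-list ..." in before: while the ACL is bound to an
        # interface, a deleted/empty ACL permits everything until it is rebuilt.
        match: exact

    - name: Read the ACL back from the device
      tags: [acl, verify]
      cisco.ios.ios_command:
        commands: show ip access-lists {{ fw_acl }}
      register: acl_show

    - name: Fail the host if the peer-specific entries are not present
      tags: [acl, verify]
      ansible.builtin.assert:
        that:
          - "('host ' ~ vpn_local ~ ' host ' ~ vpn_peer ~ ' eq isakmp') in acl_show.stdout[0]"
          - "('permit esp host ' ~ vpn_local ~ ' host ' ~ vpn_peer) in acl_show.stdout[0]"
          - "('host ' ~ vpn_local ~ ' host ' ~ vpn_peer ~ ' eq 22') in acl_show.stdout[0]"
        fail_msg: "{{ inventory_hostname }}: {{ fw_acl }} is missing the expected entries"
```

Run it first as `ansible-playbook -i hosts deploy_acl.yml -t acl --check --diff` to see, per router, exactly which lines would change, then without `--check`; `--limit r1` narrows the run to one router without editing the play, which is the same effect as the `-e "host=..."` trick above but cannot accidentally target a host outside the routers group. Because every router-specific value lives in host_vars, adding the hundredth router is one new host_vars file and one inventory line, not another play.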
