Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
Tamura2021-07-01 06:57:05
Cisco
Tamura, 2021-07-01 06:57:05

How to distribute access-lists with unique ip to a large number of routers?

Good afternoon. Actually the question is: How to distribute access-lists with unique ip to a large number of routers?
Let me explain here an example of a playbook

- name: test
  hosts: 1.1.1.1 
  gather_facts: false
  connection: local
  tasks:
   - name: ip access-list extended FIREWALL-ISP1
     ios_config:
       lines: 
         - ip access-list extended FIREWALL-ISP1
         - 5 permit udp host 2.2.2.2 host 3.3.3.3 eq isakmp   
         - 6 permit esp host 2.2.2.2 host 3.3.3.3   
         - 7 permit udp host 2.2.2.2 host 3.3.3.3 eq non500-isakmp  
         - 8 permit tcp host 2.2.2.2 host 3.3.3.3 eq 22 
     parents: ip access-list extended FIREWALL-ISP1
       match: exact
- name: test
  hosts: 15.15.15.15
  gather_facts: false
  connection: local
  tasks:
   - name: ip access-list extended FIREWALL-ISP1
     ios_config:
       lines:
         - ip access-list extended FIREWALL-ISP1 
         - 5 permit udp host 4.4.4.4 host 5.5.5.5 eq isakmp   
         - 6 permit esp host 4.4.4.4 host 5.5.5.5   
         - 7 permit udp host 4.4.4.4 host 5.5.5.5 eq non500-isakmp  
         - 8 permit tcp host 4.4.4.4 host 5.5.5.5 eq 22 
     parents: ip access-list extended FIREWALL-ISP1
       match: exact


Only I have about a hundred routers and everyone needs to distribute an access-list, I think I can use ansible, but writing for all playbooks is nonsense, don’t tell me?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
M
MaxKozlov, 2021-07-01
@MaxKozlov

hosts is a list. Or a group. Or a list of groups
But if your sheets are different for everyone, then it’s better to prepare them with separate files
lines in this case you can do it through lookup (file

Report
A
Andrey Barbolin, 2021-07-01
@dronmaxman

Tamura , Here is an example.
hosts

[F11]
172.17.8.111
172.17.8.112
172.17.8.113
[F12]
172.17.8.121
172.17.8.122
172.17.8.125

[FOXGATE]
172.17.8.201
172.17.8.203
172.17.8.9

[SW-TEST]
10.100.0.7

[SW-CR01]
172.17.8.1

[SW-ALL]
172.17.8.91
172.17.8.92
172.17.8.93
172.17.8.81

You can also add tags (AC-BGP, AC-BLOCK) to the playbook and run the playbook with the keys
sudo ansible-playbook playbooks/deploy_vlan.yml -t access-list-BGP -i hosts -e "host=F11,F12"
name: DEPLOY SWITCHS CONFIG
hosts: "{{ host }}"
tasks:

- name: ACCESS-LIST-BGP WIFI PORT
  tags: AC-BGP
  ios_config:
    lines: 
     - ip access-list extended FIREWALL-ISP1
     - 5 permit udp host 2.2.2.2 host 3.3.3.3 eq isakmp   
     - 6 permit esp host 2.2.2.2 host 3.3.3.3   
     - 7 permit udp host 2.2.2.2 host 3.3.3.3 eq non500-isakmp  
     - 8 permit tcp host 2.2.2.2 host 3.3.3.3 eq 22 
  parents: ip access-list extended FIREWALL-ISP1
  match: exact

Similar questions
M
Michael2017-09-11 15:35:51
Is it possible to raise cisco 9006 and 9010 on GNS3, if so, how best to do it? 0Reply
M
Metalhacker972020-02-25 06:27:49
Setting up a tunnel on a xiaomi wi-fi router. Is it possible to? 3Reply
P
Poleno2020-02-26 16:30:43
What can be screwed to monitor and analyze traffic to the Cisco ASA? 1Reply
G
Grims2017-10-16 15:00:21
Cisco 1751V: Correct IOS and Compatibility of VIC2-2FXS + WIC-4ESW Expansion Boards? 0Reply
F
FireBars2017-11-01 17:14:02
Does it make sense to complete CCNA courses? 5Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question