Playbook for cisco switch interface Network Access Control

[Richard Lucht]

Hello experts, I am looking for a way to automate access ports for NAC on legacy authentication.  I only want to configure ports that already have "switchport mode access" and the "authentication event server dead action authorize vlan" we would like to match to the current vlan.

I need to go from

int gi 0/1

 switchport access vlan 3216

 switchport mode access

 switchport voice vlan 120  

 spanning-tree portfast

to 

 switchport access vlan 105

 switchport mode access

 switchport voice vlan 120

 ip device tracking maximum 10

 authentication event server dead action authorize vlan 105

 authentication host-mode multi-auth

 authentication order dot1x mab webauth

 authentication priority dot1x mab

 authentication port-control auto

 authentication periodic

 authentication timer reauthenticate server

 mab

 dot1x pae authenticator

 dot1x timeout tx-period 10

 spanning-tree portfast

[Mauricio Tavares]

I have never used ansible to talk to a cisco box -- I am still
struggling with my garden-variety juniper SRX box -- but if you could
pull the config in ansible and register that in a variable, you should
be able to do some probulating and create a list/dict that you can
then feed to a loop.

[heinz6...@gmail.com]

Hi,

use cisco ios config module with a jinja template. Works like a charm for me.

https://docs.ansible.com/ansible/latest/collections/cisco/ios/ios_config_module.html

Michael

[Richard Lucht]

Thank you I will check this out. Is there a GIT for example templates using this?

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6a76ee96-0298-43d2-aa1c-8c8fb882c3f3n%40googlegroups.com.