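---
# Rebuild the management ACL (ACL_MGMT) on IOS switches and bind it to the
# vty lines. Runs from the control node (connection: local) and talks to
# each device through the legacy ios_* "provider" dictionary built below.
#
# Fixes over the previous revision:
#   - `yes` booleans written as `true` (YAML 1.1/1.2 truthy ambiguity).
#   - the disabled debug tasks were written as `- #debug: ...`, which YAML
#     parses as a null list item that Ansible's task loader rejects; they
#     are now plain comment lines.
- hosts: switches
  gather_facts: true
  connection: local
  tasks:
    # secrets.yaml is expected to define creds['username'],
    # creds['password'] and creds['auth_pass'] (see DEFINE CONNECTION).
    # It holds device credentials in clear text: keep it out of version
    # control or encrypt it with ansible-vault.
    - name: GET CREDENTIALS
      include_vars: secrets.yaml

    # Provider dictionary consumed by every ios_command / ios_config task.
    # authorize: true enables privileged mode using creds['auth_pass'].
    - name: DEFINE CONNECTION
      set_fact:
        connection:
          authorize: true
          host: "{{ inventory_hostname }}"
          username: "{{ creds['username'] }}"
          password: "{{ creds['password'] }}"
          auth_pass: "{{ creds['auth_pass'] }}"

    # Snapshot of all ACLs before any change, kept for inspection.
    - name: CHECK ACLs
      ios_command:
        provider: "{{ connection }}"
        commands:
          - show ip access-list
      register: beforeacl
    # - debug: var=beforeacl.stdout_lines

    # The ACL is removed (`before`) and recreated so stale entries do not
    # survive a rerun; `match: exact` forces the rebuild when the device
    # ACL differs in any way. NOTE(review): while the list is absent, an
    # existing `access-class ACL_MGMT in` on the vty lines references an
    # undefined ACL — confirm how the target platform treats that window
    # before running against production devices.
    - name: CREATE MGMT ACL
      ios_config:
        provider: "{{ connection }}"
        lines:
          - 10 permit ip host 192.168.1.254 any log
          - 20 permit ip host 192.168.1.250 any log
          - 30 permit ip 192.168.1.0 0.0.0.255 any log
          - 40 deny ip any any log
        parents: ['ip access-list extended ACL_MGMT']
        before: ['no ip access-list extended ACL_MGMT']
        match: exact

    - name: CHECK MGMT ACLS
      ios_command:
        provider: "{{ connection }}"
        commands:
          - show ip access-list ACL_MGMT
      register: afteracl
    # - debug: var=afteracl.stdout_lines

    # Restrict inbound vty (ssh/telnet) sessions to the sources permitted
    # by ACL_MGMT. The control node must fall inside those entries or the
    # following connectivity check (and every later task) will fail.
    - name: APPLY MGMT ACL
      ios_config:
        provider: "{{ connection }}"
        lines:
          - access-class ACL_MGMT in
        parents: ['line vty 0 15']

    - name: SHOW VTY ACL
      ios_command:
        provider: "{{ connection }}"
        commands:
          - show run | b line vty
      register: vtyacl
    # - debug: var=vtyacl.stdout_lines

    # Runs on the control node (connection: local): probes TCP/22 on the
    # device for up to 10 s. Failing here stops the play before the config
    # is written, so a reload of the device discards the new ACL.
    - name: WAIT FOR SSH CONNECTIVITY then SAVE
      wait_for:
        host: "{{ inventory_hostname }}"
        port: 22
        timeout: 10
        msg: SSH Connection failed and must reboot device to regain connectivity

    # Persist running-config only after the reachability check passed.
    - name: WRITE ME 2
      ios_command:
        provider: "{{ connection }}"
        commands:
          - wr me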