Managing Cisco IOS devices with Ansible through SNMP

Ansible for Cisco IOS is a collection of Ansible modules aimed at handling “legacy” devices, legacy in the sense that they don’t have any new APIs. These devices are usually managed through SSH, SNMP or some less than perfect HTTP interface. Ansible is really powerful in its simplicity: it’s really easy to get started, and within hours you can accomplish great things with the system.

I’ve been using Ansible for some time and started to think about how it could be used for networking. At first I was waiting for newer and more complete APIs and had more or less given up on automating older equipment in a simple way. While we have tools like RANCID, which can also modify configurations, it still can’t compare to how things are handled in Ansible. After reading some posts online arguing that we should focus on being able to manage the legacy stuff, which has an install base of billions, I decided to see what could be done using SNMP.

Goals

The goal of this project is to create a number of modules which enable you to modify configuration on Cisco routers and switches using Ansible in an idempotent way.

Limitations

While you can do a lot with SNMP, there are also a lot of things you can’t change. One such example is access lists: while Cisco has a MIB called CISCO-ACL-MIB, no devices seem to support that MIB.

Work in progress

The work on these modules has just started and I’ll try to create modules for what’s possible to change with SNMP. It’s still early code which might contain a few bugs; it would really help if you could test the modules and let me know if you have any problems with them, or perhaps if you don’t know how to get started.

Current modules

  • cisco_snmp_cdp – Changes CDP settings on a switch
  • cisco_snmp_interface – Changes interface settings such as description, admin state
  • cisco_snmp_portsecurity – Configures port security
  • cisco_snmp_save_config – Saves the running configuration to startup (changing config through SNMP only modifies running, not startup)
  • cisco_snmp_switchport – Changes the mode of a switchport (trunk, access), access vlan and native vlan (future versions will support “switchport trunk allowed vlan”)
  • cisco_snmp_vlan – Creates, deletes or renames VLANs

For information about the different arguments to each module check out the documentation.

SNMP Versions

These modules support both SNMPv2 and SNMPv3, but since we’re talking about actually modifying the configuration, SNMPv3 is really recommended if you use this anywhere near a production network. SNMPv2c sends its community string in clear text, whereas SNMPv3 can authenticate and encrypt the traffic.
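
A device-side configuration for the recommendation above, as an added example that is not from the original post or the project: the weak SNMPv2c read-write community beside an SNMPv3 authPriv user limited to one management host. The names SNMP-MGMT, ANSIBLE-WRITE, ANSIBLE-RW, the user ansible, the community EXAMPLE-RW, the address 192.0.2.10 and the passphrase placeholders are assumptions chosen for illustration.

```ios
! --- Weak: SNMPv2c read-write community (constructed value) ---
! The community string travels in clear text and is the only credential,
! so anyone who can observe the management traffic can change the config.
snmp-server community EXAMPLE-RW RW

! --- Hardened: SNMPv3 with authentication and encryption ---
! Remove the v2c community once SNMPv3 is in place.
no snmp-server community EXAMPLE-RW

! Only the Ansible control host (assumed address) may talk SNMP to the device.
ip access-list standard SNMP-MGMT
 permit 192.0.2.10
 deny   any log

! View that defines what may be written. "iso included" allows everything;
! narrow it to the subtrees the modules you actually use need to set.
snmp-server view ANSIBLE-WRITE iso included

! Group requiring authPriv (auth + encryption), bound to the view and the ACL.
snmp-server group ANSIBLE-RW v3 priv read ANSIBLE-WRITE write ANSIBLE-WRITE access SNMP-MGMT

! User in that group; replace the placeholders with your own passphrases.
snmp-server user ansible ANSIBLE-RW v3 auth sha <auth-passphrase> priv aes 128 <priv-passphrase>

! The user line is not shown in the running configuration; verify with:
!   show snmp user
!   show snmp group
```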

Get the modules

The modules are available over at GitHub; see also the installation instructions.

Other Modules

You might also be interested in the Ansible modules for Cisco ASA, which use the REST API that came with the 9.3 release.