
Ansible yml configuration for radius server on cisco ios

FPerroneUru
Beginner

Hello, I need help configuring a line of code for the RADIUS server configuration in Cisco IOS.

My current line is: radius-server host "IP" auth-port 1812 acct-port 1813 key 7 xxxxx where "xxxxx" is a dynamic line.
I need to issue no (current line), where a part (xxxxx) is dynamic and changes for all devices.
On the other hand, I then need to change the IP address; that's why I have to save xxxxx in a variable.

 

Summary of what I want to do:

no radius-server host "IP" auth-port 1812 acct-port 1813 key 7 xxxxx

radius-server host "OTHER IP" auth-port 1812 acct-port 1813 key 7 xxxxx

 

where xxxxx is different for all devices.

 

Thanks a lot

1 ACCEPTED SOLUTION


bigevilbeard
Cisco Employee

@FPerroneUru you can use Ansible's flexible inventory system https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html, which pulls data from various sources to feed your models. The list of devices and the key/value pairs that are used to configure those devices are combined into the specific group of facts in each device’s context. You could do something like:

 

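- name: RADIUS SET UP
  hosts: cisco
  gather_facts: no
  connection: network_cli
  tasks:

    - name: SET RADIUS
      ios_config:
        commands:
          # radius_ip and radius_key are placeholder variable names for "OTHER IP" and
          # "KEY ONE"; define them per device in the inventory (host_vars).
          - radius-server host {{ radius_ip }} auth-port 1812 acct-port 1813 key 7 {{ radius_key }}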

This doc will show you how to build the correct inventory file: https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html

 

Hope this helps.

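An added example, not code from the thread or from Cisco: one way to do the swap without storing or decoding the key is to read each device's existing `key 7` string from its running config and re-use it on the new host line. The IP addresses are constructed sample values, `old_radius_ip`, `new_radius_ip`, `radius_line` and `radius_keys` are hypothetical names, and the `cisco.ios` collection is assumed to be installed.

```yaml
# Added example. Assumes an inventory group "cisco" and the cisco.ios collection.
- name: Move the RADIUS server to a new IP, keeping each device's own key
  hosts: cisco
  gather_facts: false
  connection: network_cli
  vars:
    old_radius_ip: 192.0.2.10   # constructed sample value
    new_radius_ip: 192.0.2.20   # constructed sample value
  tasks:
    - name: Read the current radius-server line for the old IP
      cisco.ios.ios_command:
        commands:
          - show running-config | include ^radius-server host {{ old_radius_ip }}
      register: radius_line
      no_log: true              # the output contains the key string

    # Folded scalar (>-) so the backslashes reach Jinja unchanged.
    # regex_findall with one group returns the list of captured key strings.
    - name: Collect every string that follows "key 7"
      ansible.builtin.set_fact:
        radius_keys: >-
          {{ radius_line.stdout[0] | regex_findall('key 7 (\\S+)') }}
      no_log: true

    # Fails on devices with no matching line (for example on a second run)
    # or with more than one, instead of pushing an empty or wrong key.
    - name: Stop unless exactly one key was found
      ansible.builtin.assert:
        that: radius_keys | length == 1
        fail_msg: "Expected one 'radius-server host {{ old_radius_ip }} ... key 7' line"
        quiet: true

    - name: Replace the host entry, re-using the device's existing key
      cisco.ios.ios_config:
        lines:
          - no radius-server host {{ old_radius_ip }} auth-port 1812 acct-port 1813
          - radius-server host {{ new_radius_ip }} auth-port 1812 acct-port 1813 key 7 {{ radius_keys[0] }}
      no_log: true              # keeps the key out of task output and logs
```

Type 7 strings are reversible, so `no_log` is set on every task that handles the key.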

2 REPLIES

Thank you very much! My solution was to write "key" without encryption and then tell the Cisco device to encrypt them in key 7.

Previously using a reverse of the previous encrypted password.

 

For example:

reverse of xxxxx = "ThisIsMyKey"

no radius-server host {{"OLDER IP"}} auth-port 1812 acct-port 1813

(the previous line deletes the entire line with the key included)

radius-server host "OTHER IP" auth-port 1812 acct-port 1813 key 7 "ThisIsMyKey"

Now when executing "sh run | include radius" I see "ThisIsMyKey" encrypted.
