When is ansible useful? for network engineer

Tagir Temirgaliyev · ‎02-21-2021

1. You know the server name - how to find the MAC address and port of the switch in one click
2. Add a new Vlan to a switch group in one click
3. Add a new Vlan to a group of ports in one click

1. You know the name of the server - how to find the MAC address and port of the switch in one click
this problem and solution has already been described by Hank Preston https://blogs.cisco.com/developer/ask-hank-how-can-i-automate-a-mac-address-interface-report
his solution relies on Cisco pyATS and my opinion is slightly complex. I suggest a little easier.
first, you need to create a folder with files containing the result of the show arp and show mac address-table commands. the file name must match the device name (these are all L2 and L3 switches)
further, if we work in Windows, we will have to use the dos window and findstr command twice, the first time to find the IP address and the second time to find the mac address. in linux you can in one click grep inside another grep and at the output we will get the name of the switch and the port number.

how to create a folder? there are many methods like bash python ansible
if there is interest, then I will continue this topic in detail. please express your opinions

Tagir Temirgaliyev · ‎03-02-2021

here is example ansible playbook to create sh arp and sh mac address table files:

---
-
name: Backup Configs
hosts: all
gather_facts: no
tasks:
- name: Generate Backup Configs
cisco.ios.ios_config:
backup: yes
backup_options:
dir_path: ./config/
filename: "{{inventory_hostname}}.config"
- name: sh arp
ios_command:
commands: show arp
register: output
- name: output
debug:
var: output.stdout
- name: copy to file
copy: content="{{ output.stdout[0] }}" dest=./arp/{{ inventory_hostname }}.txt
- name: sh mac-add
ios_command:
commands: show mac add
register: output
- name: output
debug:
var: output.stdout
- name: copy to file
copy: content="{{ output.stdout[0] }}" dest=./mac/{{ inventory_hostname }}.txt

===========

here is example bash script:

tagir@ubuntu:~$ more sh_arp-mac.bash
#!/usr/bin/bash
##
##
##
newstr=`grep -H $1 ./arp/*`
echo $newstr

newfac=$(echo $newstr | awk '{ print $4 }')
echo $newfac
grep -H $newfac ./mac/*

tagir@ubuntu:~$

here is result of bash script:

fracjackmac · ‎10-21-2022

Hello @Tagir Temirgaliyev,

I may or may not try out your Ansible script, but I am definitely going to follow-up by building some pyATS automation using the ideas you've laid out in your post above. I also plan to add a few twists, based upon my network environment, as follows:

Collect show mac address-table information from all Nexus switches in the network
Collect show arp and show arp vrf all information from all ASR9K routers in the network
Store the information in two files, one for the output from the switches and one for the
output from the routers, so that it can be queried later
Develop a BASH / AWK script, using the one you've provided above as a base, to search the two files: using an IP address as input and returning information that includes IP address, router and router interface where the IP address was seen, MAC address for the IP address, and all switch and switch port information where the MAC address was seen
Develop a BASH / AWK script, leveraging the one above, to search the two files: using a MAC address as input and returning information that includes MAC address, all switch and switch port information where the MAC address was seen, plus the router, router interface, and IP address where the MAC address was found, if possible

I'll start the project by:

Manually gathering the ARP cache information from a single router
Picking out an IP address from the ARP cache information
Manually gathering information and determining which switches have the MAC address in their mac address table
Developing the script to match the IP address to the MAC address and associated switch ports to expand upon what you've done above
Developing the script to match the MAC address and track it back to the IP address, router, and router interface

Once I'm confident the BASH / AWK scripts will work, I'll need to:

Work out the details for using pyATS to collect all the router information
Work out the details for using pyATS to collect all the switch information
Determine a centralized location where I can store the router and switch information
Build a web page to use the two scripts along with all the data for troubleshooting
I'll also plan to archive the data each time the pyATS automation is run to help track changes in the network

Thanks for your post!!

It may take awhile, but hopefully your post will lead to a great troubleshooting tool for my network!!

@ittybittypacket

fjm / vrs

Tagir Temirgaliyev · ‎11-05-2022

How to add a new Vlans to a group of ports in one click using ansible and keep configuration consistency

for demonstration purpose, I created a simplified topology with 2 switches and 4 servers.
two servers belong to cluster A, and two more servers belong to cluster B. All ports trunk.
Of course, in reality, we meet with a much more complex topology where there can be up to 100 or more servers and up to 100 or more switches.
in a real production environment, tasks appear to add or remove one or more vlans to cluster A or cluster B, or to add or remove one or more servers to cluster and you have to add vlan manually to hundreds of ports.
in reality, configuration consistency is very important.
using ansible, you can add new vlan (or remove) to the list of vlans in the cluster in only one place.

here is a simple ansible playbook screenshot

ansible_playbook screen.png

here switches before adding vlans

switches after adding vlans