Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3010
Views
0
Helpful
3
Replies

Ansible playbook to find active trunks

Bill-dev
Level 1
Level 1

‎09-27-2021 01:09 PM

Hello,

 

I am looking to find all operational trunk links on a switch and then configure new allowed vlans on these trunks. 

 

I am struggling to find an ios module to do this effectively or playbook with good example. I was looking at the ios_l2_interfaces module, but it shows also trunks that are down. Seems like a security vulnerability to open up new vlans to a downed interface. I want to avoid having to configure interfaces that are down. Im surprised that I haven't found any good examples for this simple task. 

 

I want the interfaces that are shown in the output for "show int trunk". I know I could send that output to a new file and parse that to pull out the interfaces, but it seems like there should be an easier way. 

 

Does anyone have an example playbook for this kind of task? 

1 person had this problem
0 Helpful
3 Replies 3

Alexander Stevenson
Cisco Employee
Cisco Employee

‎10-14-2021 07:10 AM

 

Hello @Bill-dev,

 

I found a playbook which you may find helpful:

network-tasks - Trunk Port Audit - This ansible playbook 'shutdown-trunk-ports' has been created to audit and disable all unused/inactive trunk ports on Cisco network access switches within a network.

 

That is found on Cisco Code Exchange. If we search for 'Ansible trunk' we get over 100 code samples / repositories as a result: https://developer.cisco.com/codeexchange/explore#search=Ansible%20trunk

 

Another good place to look would be the Cisco DevNet Automation Exchange

 

Hope this helps!

0 Helpful

Bill-dev
Level 1
Level 1
In response to Alexander Stevenson

‎10-14-2021 07:54 AM

Hey alextev,
I saw that Trunk Port Audit playbook and that seems to rely on consistent trunk port descriptions. It does show some useful information though.
I haven't explored those Cisco DevNet links yet but im sure I'll find helpful information in there.
Thank you for your help!
0 Helpful

shnosifaj
Level 1
Level 1

‎04-19-2022 10:22 AM - edited ‎04-20-2022 06:05 AM

I am working this same thing, and have the same feeling that simply using a description is less reliable.  I believe the key will be leveraging cisco.ios.ios_l2_interfaces – L2 interfaces resource module — Ansible Documentation. I think you may have to contain your actions in the same task though as any time I try to reference the return object in a separate task I get "variable not defined" stuff. 

 

Edit: 
Doing some more digging, it does appear that the L2_interfaces returns an object that can be leveraged in subsequent tasks, but in typical ansible fashion it is all kinds of nested, and will probably require some some "when" qualifiers

I will have to come back on this one I'm sure but I'm certain it will work.

 

snippet from best effort before I hang it up today.

 

Edit:

Got it working.  You should be able to fill in what you need from this

 

  tasks:


  - name: Gather listed l2 interfaces with provided configurations
    cisco.ios.ios_l2_interfaces:
      config:
      state: gathered
    register: f

  - name: debug
    with_items: '{{ f["gathered"] }}'
    debug:
      msg: '{{ item["name"] }} is mode {{ item["mode"] }}'
    when: 'item["mode"] is defined and item["mode"] == "trunk"'
0 Helpful
Customers Also Viewed These Support Documents