ANSIBLE – FOR NETWORK ENGINEER
AUTOMATING CISCO IOS CONFIGURATIONS
06-APRIL-2025
1 ANSIBLE | By Meraj Hassan – Keep Calm & Automation On!
INTRODUCTION - WHAT IS ANSIBLE?
In today's rapidly evolving network environments, automation is no longer a luxury—it's a necessity.
Ansible, as part of Cisco's DevNet initiative, has emerged as a go-to solution for automating network
configurations due to its simplicity, agentless architecture, and robust community support.
This document explores the practical use of Ansible in configuring Cisco IOS routers, focusing on a
real-world topology where a Linux-based Ansible control node connects to a Cisco router. We’ll walk
through installation, Ansible concepts, task and role structuring, and a live configuration example.
Furthermore, we’ll briefly introduce advanced topics like Ansible Tower and DevOps integration to
provide a forward-looking view on scaling and managing automation across enterprise networks.
In modern network automation, Ansible has emerged as a powerful tool for managing network
devices. This article focuses on configuring a Cisco IOS router connected to a server using Ansible.
We'll break down the steps, provide a detailed configuration guide, and conclude with an introduction
to Ansible Tower and DevOps.
NETWORK TOPOLOGY – ANSIBLE
A Linux server running Ansible is connected to a Cisco IOS router. The diagram below illustrates this
setup:
Components:
• Ansible Control Node (Linux Server)
• Cisco IOS Router
• SSH Connectivity between the Server and Router
UNDERSTANDING ANSIBLE CONCEPTS
ANSIBLE DEFINITIONS:
• Playbook: YAML file that contains automation instructions.
• Inventory: File listing the network devices.
• Modules: Predefined functions used in playbooks.
• Tasks: Individual automation actions within a playbook.
• Roles: Structured directory for organizing playbooks.
BENEFITS OF USING ANSIBLE FOR NETWORK AUTOMATION
• Agentless Architecture: No need to install any agent on Cisco devices—Ansible uses
SSH.
• Human-readable Syntax: YAML-based playbooks are easy to understand and modify.
• Scalability: Easily automate configuration across hundreds of devices.
• Repeatability: Ensure consistent configurations across environments.
• Rollback Support: Store configurations in Git and roll back if needed.
REAL-WORLD USE CASES FOR CISCO + ANSIBLE
• Mass Interface Configuration: Bring up/down interfaces across 100+ devices.
• QoS Deployment: Push consistent QoS policies using templates.
• ACL Management: Apply and manage access lists across routers.
• Backup Automation: Automatically back up Cisco configs nightly using cron jobs +
playbooks.
• Compliance Checking: Verify device configurations against security/compliance policies.
SETTING UP ANSIBLE IN LINUX
STEP 1: UPDATE THE SYSTEM
sudo apt update && sudo apt upgrade -y # For Debian-based systems
sudo yum update -y # For RHEL-based systems
STEP 2: INSTALL ANSIBLE
sudo apt install ansible -y # Debian-based
sudo yum install ansible -y # RHEL-based
STEP 3: VERIFY INSTALLATION
ansible --version
STEP 4: CONFIGURE SSH ACCESS TO THE CISCO ROUTER
Ensure SSH is enabled on the Cisco device and that the server has passwordless access.
ssh-keygen -t rsa
ssh-copy-id admin@router_ip
BREAKING DOWN ANSIBLE COMPONENTS
A. INVENTORY FILE (HOSTS.INI)
The inventory file defines groups and host-specific variables:
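[routers]
# ansible_connection/ansible_network_os let the ios_* modules drive the router CLI over SSH
router1 ansible_host=192.168.1.1 ansible_user=admin ansible_password=cisco ansible_connection=network_cli ansible_network_os=ios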
B. PLAYBOOK EXAMPLE (CONFIGURE_ROUTER.YML)
A playbook defines the automation tasks:
- name: Configure Cisco Router
  hosts: routers
  gather_facts: no
  tasks:
    - name: Set hostname
      ios_config:
        lines:
          - hostname Router1
    - name: Configure an Interface
      ios_config:
        # parents enters interface context so the lines are compared idempotently
        parents: interface GigabitEthernet0/1
        lines:
          - ip address 192.168.1.2 255.255.255.0
          - no shutdown
C. RUNNING THE PLAYBOOK
Use the following command:
ansible-playbook -i hosts.ini configure_router.yml
USING TASKS AND ROLES IN ANSIBLE
WHAT IS A TASK?
A task in Ansible is a single unit of work. Tasks execute modules with specific arguments.
Example:
- name: Set hostname
  ios_config:
    lines:
      - hostname Router1
WHAT IS A ROLE?
A role is a structured way to organize playbooks and tasks. It allows you to reuse code and manage
large configurations.
A. DEFINING TASKS (TASKS/MAIN.YML)
This is where individual tasks reside:
- name: Set hostname
  ios_config:
    lines:
      - hostname Router1
- name: Configure an Interface
  ios_config:
    # parents enters interface context so the lines are compared idempotently
    parents: interface GigabitEthernet0/1
    lines:
      - ip address 192.168.1.2 255.255.255.0
      - no shutdown
B. CREATING A ROLE STRUCTURE
Create a directory layout like this:
mkdir -p roles/router_config/{tasks,handlers,templates,files,vars,defaults,meta}
C. SPLITTING TASKS INTO FILES
roles/router_config/tasks/set_hostname.yml:
- name: Set hostname
  ios_config:
    lines:
      - hostname Router1
roles/router_config/tasks/configure_interface.yml:
- name: Configure Interface
  ios_config:
    # parents enters interface context so the lines are compared idempotently
    parents: interface GigabitEthernet0/1
    lines:
      - ip address 192.168.1.2 255.255.255.0
      - no shutdown
roles/router_config/tasks/main.yml:
- import_tasks: set_hostname.yml
- import_tasks: configure_interface.yml
D. ROLE-BASED PLAYBOOK (ROUTER_PLAYBOOK.YML)
- name: Apply Router Configuration
  hosts: routers
  roles:
    - router_config
E. RUNNING THE ROLE-BASED PLAYBOOK
ansible-playbook -i hosts.ini router_playbook.yml
OUTPUT VERIFICATION
LINUX SERVER OUTPUT:
PLAY [Configure Cisco Router] ************************************************
TASK [Set hostname] *******************************************************
changed: [router1]
TASK [Configure an Interface] ***********************************************
changed: [router1]
PLAY RECAP ****************************************************************
router1: ok=2 changed=2
CISCO ROUTER OUTPUT:
Router1# show running-config
hostname Router1
interface GigabitEthernet0/1
ip address 192.168.1.2 255.255.255.0
no shutdown
BRIEF OVERVIEW OF ANSIBLE TOWER AND DEVOPS
ANSIBLE TOWER
• A web-based GUI for managing Ansible automation at scale.
• Provides centralized logging, role-based access control (RBAC), job scheduling, and workflows.
• Helps teams collaborate on automation.
• Will be explored in the next document.
DEVOPS WITH ANSIBLE
• Integrates with tools like Jenkins, GitLab CI/CD.
• Supports Infrastructure as Code (IaC).
• Enables consistent, repeatable deployments in production.
• Next document will cover pipeline creation and testing.
ADVANCED ANSIBLE CONFIGURATION
1. ANSIBLE VAULT FOR SECURE CREDENTIAL MANAGEMENT
Securely store passwords, SNMP strings, or SSH keys.
ansible-vault create secrets.yml
ansible-vault edit secrets.yml
ansible-playbook secure_config.yml --ask-vault-pass
Example vault variable:
ansible_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  643165613564...
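The plain-text ansible_password=cisco in the inventory shown earlier is the kind of value Vault is meant to replace. As an added example (not part of the original document), this Python script flags secret-bearing connection variables stored in clear text in an INI inventory or a simple YAML variables file; router2, vault_ios_password and the sample values are constructed for illustration.

```python
import re

# Real Ansible connection variables that hold secrets.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_password", "ansible_become_pass"}
INI_PAIR = re.compile(r"(\w+)=(\"[^\"]*\"|'[^']*'|\S+)")   # key=value on a host line
YAML_PAIR = re.compile(r"^\s*(\w+)\s*:\s*(.*)$")           # key: value in a vars file

def is_protected(value):
    """True if the value is vault-encrypted or a Jinja2 reference to another variable."""
    v = value.strip().strip("\"'")
    return v.startswith(("!vault", "$ANSIBLE_VAULT;")) or ("{{" in v and "}}" in v)

def find_plaintext_secrets(text):
    """Return [(line_number, variable)] for secrets stored in clear text."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        pairs = INI_PAIR.findall(line)
        yaml_match = YAML_PAIR.match(line)
        if yaml_match:
            pairs.append(yaml_match.groups())
        for key, value in pairs:
            if key in SECRET_VARS and value.strip() and not is_protected(value):
                findings.append((number, key))
    return findings

# Constructed samples: router1 is the inventory line from this page; router2,
# vault_ios_password and the enable password are hypothetical.
SAMPLE_INI = """\
[routers]
router1 ansible_host=192.168.1.1 ansible_user=admin ansible_password=cisco
router2 ansible_host=192.168.1.3 ansible_user=admin ansible_password="{{ vault_ios_password }}"
"""
SAMPLE_YAML = """\
ansible_user: admin
ansible_password: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  (ciphertext omitted)
ansible_become_password: enable123
"""

if __name__ == "__main__":
    for name, text in (("hosts.ini", SAMPLE_INI), ("group_vars", SAMPLE_YAML)):
        for number, key in find_plaintext_secrets(text):
            print(f"{name}:{number}: {key} is stored in plain text")
```

Run as a pre-commit or CI step, a check like this keeps clear-text device credentials out of the Git history that the inventory lives in.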
2. TEMPLATES AND JINJA2 FOR DYNAMIC CONFIGURATIONS
Use Jinja2 to create templates for interfaces, VLANs, etc.
TEMPLATE EXAMPLE (HOSTNAME_TEMPLATE.J2):
hostname {{ inventory_hostname }}
Playbook using template:
- name: Apply dynamic hostname
  ios_config:
    src: hostname_template.j2
3. ANSIBLE FACTS & GATHERED VARIABLES
While gather_facts: no is often used with network devices, Ansible can still pull facts using modules
like ios_facts.
- name: Gather facts
  ios_facts:
Output includes: { Interfaces, OS version, Hostname, Memory and CPU }
TROUBLESHOOTING TIPS
• SSH Errors: Verify ansible_user, ansible_password, and ansible_connection=network_cli.
• Command Failures: Use ansible-playbook -vvv for verbose output.
• Module Not Found: Ensure ansible.netcommon and cisco.ios collections are installed:
ansible-galaxy collection install cisco.ios
CONCLUSION
Ansible has proven to be a powerful tool for network automation, especially for configuring Cisco
devices. With its agentless architecture and simple YAML syntax, it allows network engineers to
automate tasks efficiently, reducing human error and improving consistency. This document provided
a foundational understanding—from installation to task execution and role-based structuring. We also
touched on advanced concepts like Ansible Tower and DevOps integration, which open doors to
scalable, collaborative automation workflows.
In our next installment, we’ll dive deeper into those advanced topics, equipping you with enterprise-
grade tools for managing your network infrastructure with confidence.