How to Automate Configuration of Cisco Devices Using Ansible (Step-by-Step Guide)
Introduction
In large organizations with many Cisco devices, managing each device manually is time-consuming and complex. Ansible enables centralized and automated configuration across multiple devices simultaneously, saving time, reducing costs, and improving network security and efficiency. This approach allows organizations to respond quickly to network changes and requirements, maximizing resource utilization.
Using Ansible automation not only accelerates the configuration process but also minimizes human errors caused by manual settings. In this guide, we demonstrate how to use Ansible for configuring Cisco devices, including enabling or disabling SNMP version 3.
Prerequisites
- A Linux-based OS (all examples here use Ubuntu 22)
- Installed Ansible
- Required Ansible modules
- One or more Cisco devices
- SSH access with privilege level to configure the device
Limitations
- Ensure the Cisco IOS version is 15 or higher. If using version 12, you may encounter limitations with modules like ios_vlans, ios_interfaces, ios_facts, etc.
- SSH must be enabled on the device for Ansible to communicate with it.
- Tip: If testing SSH manually, use OpenSSH v7 on Linux. Newer versions may not support older Cisco protocols. As a workaround, use Ubuntu 18 or older in Docker temporarily.
Step-by-Step Guide
Step 1: Install Ansible and Cisco IOS Module
sudo apt-get update
sudo apt-get install ansible -y Then, install the Cisco IOS collection:
ansible-galaxy collection install cisco.ios
Note: You may encounter 403 errors when installing modules from Iran. In such cases, use a VPN or proxy with a non-Iranian IP address.
If successful, you’ll see output confirming module installation (see screenshots in the original guide).
Step 2: Install Python-Based Tools for Cisco Communication
Install pip, the Python package manager:
apt install python3-pip
Then install the following Python packages:
pip install pyyaml
pip install paramiko
pip install netmiko
Ensure that each package ends with a “successfully installed” message.
Step 3: Configure the Inventory and Playbook Files
Inventory File (inventory.ini)
This file defines which devices Ansible will configure, including host IPs, credentials, and connection methods.
|
[cisco_routers] router2 ansible_host=192.168.100.2 ansible_user=ansible ansible_password=ansiblepass ansible_network_os=ios ansible_connection=network_cli router3 ansible_host=192.168.200.2 ansible_user=ansible ansible_password=ansiblepass ansible_network_os=ios ansible_connection=network_cli |
|
Explanation:
|
Playbook File (snmpv3_config.yml)
This file contains the actual commands and configurations to apply:
|
- name: Configure SNMPv3 on Cisco IOS hosts: cisco_routers gather_facts: no vars: ansible_command_timeout: 120 ansible_host_key_checking: False connection: network_cli tasks: - name: Configure SNMP View cisco.ios.ios_config: lines: - snmp-server view sview iso included - name: Configure SNMP Group cisco.ios.ios_config: lines: - snmp-server group sngp v3 priv read sview - name: Configure SNMP User cisco.ios.ios_config: lines: - snmp-server user moein sngp v3 auth sha abc123PP priv aes 128 abc123PP |
|
Key Points:
|
Final Step: Run the Playbook
Use the following command to run the playbook:
ansible-playbook -i inventory.ini snmpv3_config.yml
This setup provides a scalable and efficient method to automate Cisco device management with Ansible, improving consistency, reliability, and response time in enterprise networks.
The Latest Articles
